Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/334856?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/334856?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.0.4-r1", "type": "ebuild", "namespace": "net-libs", "name": "xulrunner-bin", "version": "3.0.4-r1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.14", "latest_non_vulnerable_version": "10.0.11", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2670?format=api", "vulnerability_id": "VCID-114z-7ta8-mqe7", "summary": "Security researcher Gregory Fleischer reported\nthat when an Adobe Flash file is loaded via\nthe view-source: scheme, the Flash plugin misinterprets\nthe origin of the content as localhost, leading to two specific\nvulnerabilities:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01373", "scoring_system": "epss", "scoring_elements": "0.8054", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263", "reference_id": "496263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496263" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307", "reference_id": "CVE-2009-1307", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17", "reference_id": "mfsa2009-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1307" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-114z-7ta8-mqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2482?format=api", 
"vulnerability_id": "VCID-12eu-2nge-u3hu", "summary": "Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes. Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.504", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4068" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463248", "reference_id": "463248", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068", "reference_id": "CVE-2008-4068", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44", "reference_id": "mfsa2008-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12eu-2nge-u3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74197?format=api", "vulnerability_id": "VCID-12q6-5pjj-q7d6", "summary": ": Firefox DoS (crash) via crafted web site that triggers memory consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00947", "scoring_system": "epss", "scoring_elements": "0.76634", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0220" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=579085", "reference_id": "579085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=579085" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0220" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12q6-5pjj-q7d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2242?format=api", "vulnerability_id": "VCID-13rr-43nj-h7af", "summary": "Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. 
The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62853", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446", "reference_id": "CVE-2012-0446", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05", "reference_id": "mfsa2012-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0446" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-13rr-43nj-h7af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2161?format=api", "vulnerability_id": "VCID-16sb-uhrd-xfaf", "summary": "Mozilla developer Blake Kaplan reported that the \nwindow.location object was made a normal overridable JavaScript object\nin the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms\nwere developed to enforce the same-origin policy between windows and frames.\nThis object is unfortunately also used by some plugins to determine the page\norigin used for access restrictions. A malicious page could override this\nobject to fool a plugin into granting access to data on another site or the\nlocal file system. The behavior of older Firefox versions has been restored.\nThis flaw does not affect earlier versions of Firefox, or other\nprograms such as Thunderbird or SeaMonkey built on older versions\nof the browser engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66225", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170", "reference_id": "CVE-2010-0170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10", "reference_id": "mfsa2010-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10" 
} ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16sb-uhrd-xfaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2600?format=api", "vulnerability_id": "VCID-18dk-sq41-5kfp", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04029", "scoring_system": "epss", "scoring_elements": "0.88679", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686", "reference_id": "521686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070", "reference_id": "CVE-2009-3070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070" }, { 
"reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18dk-sq41-5kfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2297?format=api", "vulnerability_id": "VCID-19ut-3c72-1kfk", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215", "reference_id": "CVE-2012-4215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": 
"RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19ut-3c72-1kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2870?format=api", "vulnerability_id": "VCID-1m8n-68ks-cqd4", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08708", "scoring_system": "epss", "scoring_elements": "0.92611", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2996" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741903", "reference_id": "741903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996", "reference_id": "CVE-2011-2996", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2996" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m8n-68ks-cqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2316?format=api", "vulnerability_id": "VCID-1nsv-4xw6-q3bh", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04246", "scoring_system": "epss", "scoring_elements": "0.88966", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973", "reference_id": "CVE-2012-1973", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1973" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nsv-4xw6-q3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2274?format=api", "vulnerability_id": "VCID-1rgf-x73x-33dk", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent\nis released and oldFocusedContent is used afterwards. 
This use-after-free could\npossibly allow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03872", "scoring_system": "epss", "scoring_elements": "0.8843", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211", "reference_id": "840211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958", "reference_id": "CVE-2012-1958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48", "reference_id": "mfsa2012-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": 
"https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgf-x73x-33dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78287?format=api", "vulnerability_id": "VCID-1ujh-zyv7-cqde", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03757", "scoring_system": "epss", "scoring_elements": "0.88227", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936", "reference_id": "422936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt", "reference_id": "CVE-2007-2437;OSVDB-34905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt" }, { "reference_url": "https://www.securityfocus.com/bid/23741/info", "reference_id": "CVE-2007-2437;OSVDB-34905", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23741/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2007-2437" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ujh-zyv7-cqde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2322?format=api", "vulnerability_id": "VCID-1v1p-3xrs-jfgt", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3958" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958", "reference_id": "CVE-2012-3958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v1p-3xrs-jfgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2396?format=api", "vulnerability_id": "VCID-2479-hg85-6qa5", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free while replacing/inserting a node in a document.\nThis use-after-free could possibly allow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81102", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1946" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832", "reference_id": "827832", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827832" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946", "reference_id": "CVE-2012-1946", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38", "reference_id": "mfsa2012-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1946" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2479-hg85-6qa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=api", "vulnerability_id": "VCID-26q8-bbpg-5fgk", "summary": "Mozilla community member Michael reported that\nwhen a server responds with a Refresh header containing a\njavascript: URI, Firefox will redirect to the javascript: URI. If an\nattacker could inject a Refresh header into a server\nresponse, or could control the value that a site places in\nthe Refresh header, they could use this vulnerability to\nperform an XSS attack and execute arbitrary JavaScript within the\ncontext of that site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05662", "scoring_system": "epss", "scoring_elements": "0.90508", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496274", "reference_id": "496274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312", "reference_id": "CVE-2009-1312", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt", "reference_id": "CVE-2009-1312;OSVDB-53952", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt" }, { 
"reference_url": "https://www.securityfocus.com/bid/34656/info", "reference_id": "CVE-2009-1312;OSVDB-53952", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/34656/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-22", "reference_id": "mfsa2009-22", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1312" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26q8-bbpg-5fgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2838?format=api", "vulnerability_id": "VCID-2a9n-tz4u-jyep", "summary": "Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a 
redirect response \nMozilla behavior differed from other browsers: Mozilla would use the second\nLocation header while Chrome and Internet Explorer would use\nthe first. Two copies of this header with different values could be a symptom\nof a CRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely to be\nthe malicious one. It is possible, however, that the first copy was the\ninjected one depending on the nature of the server vulnerability.\nThe Mozilla browser engine has been changed to treat two copies of this\nheader with different values as an error condition. The same has been done\nwith the headers Content-Length and Content-Disposition", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80045", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3000" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741905", "reference_id": "741905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000", "reference_id": "CVE-2011-3000", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-39", "reference_id": "mfsa2011-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3000" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2a9n-tz4u-jyep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2312?format=api", "vulnerability_id": "VCID-2b7j-hzma-nbfb", "summary": "Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. 
Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03581", "scoring_system": "epss", "scoring_elements": "0.8794", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827833", "reference_id": "827833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441", "reference_id": "CVE-2012-0441", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39", "reference_id": "mfsa2012-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1090", "reference_id": "RHSA-2012:1090", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:1090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1091", "reference_id": "RHSA-2012:1091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1091" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" }, { "reference_url": "https://usn.ubuntu.com/1540-1/", "reference_id": "USN-1540-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1540-1/" }, { "reference_url": "https://usn.ubuntu.com/1540-2/", "reference_id": "USN-1540-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1540-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0441" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2b7j-hzma-nbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2196?format=api", "vulnerability_id": "VCID-2bc6-1f4c-fkag", "summary": "Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. 
Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.67136", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696", "reference_id": "576696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171", "reference_id": "CVE-2010-0171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12", "reference_id": "mfsa2010-12", "reference_type": "", "scores": [ { "value": 
"high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bc6-1f4c-fkag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2474?format=api", "vulnerability_id": "VCID-2e82-n7c1-5kc3", "summary": "Marius Schilder of Google Security reported that\nwhen a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR. 
Cookies marked HttpOnly were not readable, but\nother potentially sensitive data could be revealed in the XHR response\nincluding URL parameters and content in the response body. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67177", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476278", "reference_id": "476278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506", "reference_id": "CVE-2008-5506", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64", "reference_id": "mfsa2008-64", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5506" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e82-n7c1-5kc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2178?format=api", "vulnerability_id": "VCID-2j5j-gpjs-ubfp", "summary": "Matt Haggard reported that\nthe statusText property of an 
XMLHttpRequest\nobject is readable by the requester even when the request is made\nacross origins. This status information reveals the presence of a web\nserver and could be used to gather information about servers on\ninternal private networks. This issue was also independently reported to Mozilla\nby Nicholas Berthaume", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00878", "scoring_system": "epss", "scoring_elements": "0.75643", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630078", "reference_id": "630078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764", "reference_id": "CVE-2010-2764", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63", "reference_id": "mfsa2010-63", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2764" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2j5j-gpjs-ubfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2856?format=api", "vulnerability_id": "VCID-2pzu-trgn-cfgj", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nthe problem described in MFSA 2011-43 and fixed in\nFirefox 7 also affected Firefox 3.6: a malicious page could potentially\nexploit a Firefox user who had installed an add-on that used loadSubscript\nin vulnerable ways.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00769", "scoring_system": "epss", "scoring_elements": "0.73803", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751931", "reference_id": "751931", "reference_type": "", "scores": [], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=751931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647", "reference_id": "CVE-2011-3647", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46", "reference_id": "mfsa2011-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3647" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pzu-trgn-cfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2665?format=api", "vulnerability_id": "VCID-2r2b-3wt6-wuh2", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na series of vulnerabilities in which objects that normally receive\na XPCCrossOriginWrapper are constructed without the\nwrapper. This can lead to cases where JavaScript from one website may\nunsafely access properties of such an object which had been set by a\ndifferent website. A malicious website could use this vulnerability\nto launch a XSS attack and run arbitrary JavaScript within the context\nof another site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.007", "scoring_system": "epss", "scoring_elements": "0.7233", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2472" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512147", "reference_id": "512147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472", "reference_id": "CVE-2009-2472", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-40", "reference_id": "mfsa2009-40", "reference_type": "", 
"scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2472" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2r2b-3wt6-wuh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=api", "vulnerability_id": "VCID-2tsg-45kt-nycb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05475", "scoring_system": "epss", "scoring_elements": "0.90338", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0084" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730519", "reference_id": "730519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730519" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084", "reference_id": "CVE-2011-0084", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0084" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tsg-45kt-nycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2387?format=api", "vulnerability_id": "VCID-2u4r-fn32-n7d3", "summary": "Security researcher Mariusz Mlynski reported that when a\npage opens a new tab, a subsequent window can then be opened that can be\nnavigated to about:newtab, a chrome privileged page. 
Once\nabout:newtab is loaded, the special context can potentially be used\nto escalate privilege, allowing for arbitrary code execution on the local system\nin a maliciously crafted attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01126", "scoring_system": "epss", "scoring_elements": "0.78596", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851916", "reference_id": "851916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965", "reference_id": "CVE-2012-3965", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-60", "reference_id": "mfsa2012-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-60" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u4r-fn32-n7d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2032?format=api", "vulnerability_id": "VCID-2vaj-7wrh-juhc", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional use-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04573", "scoring_system": "epss", "scoring_elements": "0.89379", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829", "reference_id": "CVE-2012-5829", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-02", "reference_id": "mfsa2013-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" }, { "reference_url": "https://usn.ubuntu.com/1681-1/", "reference_id": "USN-1681-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1681-1/" }, { "reference_url": "https://usn.ubuntu.com/1681-2/", "reference_id": "USN-1681-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1681-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5829" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vaj-7wrh-juhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88950?format=api", "vulnerability_id": "VCID-3149-34hy-pqds", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01483", "scoring_system": "epss", "scoring_elements": "0.81314", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3073" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2007-3073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3149-34hy-pqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2164?format=api", "vulnerability_id": "VCID-36bj-gja7-gkch", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26203", "scoring_system": "epss", "scoring_elements": "0.96386", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166", "reference_id": "CVE-2010-0166", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html", "reference_id": "CVE-2010-0166;OSVDB-63266", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html" }, { "reference_url": "https://www.securityfocus.com/bid/38943/info", "reference_id": "CVE-2010-0166;OSVDB-63266", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38943/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0166" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36bj-gja7-gkch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2234?format=api", "vulnerability_id": "VCID-37t5-vgwu-yqe1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02016", "scoring_system": "epss", "scoring_elements": "0.84019", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995", "reference_id": "CVE-2012-3995", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37t5-vgwu-yqe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2383?format=api", "vulnerability_id": "VCID-3ap9-a2as-q7hd", "summary": "Mozilla developers identified and fixed 
several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01465", "scoring_system": "epss", "scoring_elements": "0.81192", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462", "reference_id": "CVE-2012-0462", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, 
{ "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0462" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ap9-a2as-q7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2281?format=api", "vulnerability_id": "VCID-3bx3-fn1g-4kbh", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. 
The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01281", "scoring_system": "epss", "scoring_elements": "0.7989", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1952" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952", "reference_id": "CVE-2012-1952", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1952" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bx3-fn1g-4kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=api", "vulnerability_id": "VCID-3cum-vygx-wfae", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. 
When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07986", "scoring_system": "epss", "scoring_elements": "0.92207", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615464", "reference_id": "615464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752", "reference_id": "CVE-2010-2752", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py", "reference_id": "CVE-2010-2752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39", "reference_id": "mfsa2010-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cum-vygx-wfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2580?format=api", "vulnerability_id": "VCID-3g7q-89gg-hkb5", "summary": "Mozilla developer Daniel Veditz reported that when\nthe jar: scheme is used to wrap a URI which serves the\ncontent with Content-Disposition: attachment, the HTTP\nheader is ignored and the content is unpacked and displayed inline. A\nsite may depend on this HTTP header to prevent potentially untrusted\ncontent that it serves from executing within the context of the site.\nAn attacker could use this vulnerability to subvert sites using this\nmechanism to mitigate content injection attacks. This vulnerability has not been fixed on the Mozilla 1.8.1 branch,\nwhich is used to build Firefox 2 and Thunderbird 2. 
However, note\nthat there are several mitigating factors which prevent easy\nexploitation of this issue. In order for a website to be exploitable\nit must:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83277", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1306" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262", "reference_id": "496262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306", "reference_id": "CVE-2009-1306", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-16", "reference_id": "mfsa2009-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1306" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3g7q-89gg-hkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2422?format=api", "vulnerability_id": "VCID-3gwb-npby-tbek", "summary": "Justin Schuh and Tom Cross of the\nIBM X-Force and Peter Williams of IBM Watson Labs reported\nerrors in Mozilla URL parsing routines. 
These errors could be exploited\nusing a specially crafted UTF-8 URL in a hyperlink which could overflow\na stack buffer and allow an attacker to execute arbitrary code. Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48604", "scoring_system": "epss", "scoring_elements": "0.978", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463181", "reference_id": "463181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016", "reference_id": "CVE-2008-0016", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py", "reference_id": "CVE-2008-0016;OSVDB-48780", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-37", "reference_id": "mfsa2008-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2008-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-0016" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwb-npby-tbek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2378?format=api", "vulnerability_id": "VCID-3jng-4mfe-q7a5", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03612", "scoring_system": "epss", "scoring_elements": "0.87982", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1939" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939", "reference_id": "CVE-2012-1939", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": 
"RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1939" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jng-4mfe-q7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2577?format=api", "vulnerability_id": "VCID-3maa-g3v4-eqc4", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03426", "scoring_system": "epss", "scoring_elements": "0.87665", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512135", "reference_id": "512135", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465", "reference_id": "CVE-2009-2465", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2465" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3maa-g3v4-eqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74260?format=api", "vulnerability_id": "VCID-3mbe-hcw2-ayfc", "summary": "firefox 3.5 various flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04071", "scoring_system": "epss", "scoring_elements": "0.88731", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py", "reference_id": "OSVDB-55932;CVE-2009-2478", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2478" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mbe-hcw2-ayfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2442?format=api", "vulnerability_id": "VCID-3qjw-kmzd-hubj", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2. Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0348", "scoring_system": "epss", "scoring_elements": "0.87773", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463190", "reference_id": "463190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058", "reference_id": "CVE-2008-4058", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qjw-kmzd-hubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2243?format=api", "vulnerability_id": "VCID-3rmk-5j6r-sydb", "summary": "Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. 
This can allow web content to get properties of DOM objects that are intended to be chrome-only.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00577", "scoring_system": "epss", "scoring_elements": "0.69128", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877627", "reference_id": "877627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208", "reference_id": "CVE-2012-4208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99", "reference_id": "mfsa2012-99", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": 
"https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rmk-5j6r-sydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=api", "vulnerability_id": "VCID-3rsc-9zzp-qfeh", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01723", "scoring_system": "epss", "scoring_elements": "0.82716", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1937" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937", "reference_id": "CVE-2012-1937", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1937" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rsc-9zzp-qfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71853?format=api", "vulnerability_id": "VCID-3tx3-d3d3-k3gh", "summary": "firefox: doesn't (re)validate certificates when loading HTTPS page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62515", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0082" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709165", "reference_id": "709165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709165" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tx3-d3d3-k3gh" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2267?format=api", "vulnerability_id": "VCID-3uq6-mbus-sudu", "summary": "Mateusz Jurczyk of the Google Security Team discovered an\noff-by-one error in the OpenType Sanitizer using the Address Sanitizer tool.\nThis can lead to an out-of-bounds read and execution of an uninitialized\nfunction pointer during parsing and possible remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02392", "scoring_system": "epss", "scoring_elements": "0.85282", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815042", "reference_id": "815042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062", "reference_id": "CVE-2011-3062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062" }, { "reference_url": "https://security.gentoo.org/glsa/201203-24", "reference_id": "GLSA-201203-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-24" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31", "reference_id": "mfsa2012-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3062" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uq6-mbus-sudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2781?format=api", "vulnerability_id": "VCID-413h-nkvf-wbck", "summary": "Mark Kaplan reported a potentially exploitable crash due to\ninteger underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this problem.\nThe Regular Expression engine was replaced in Firefox 4 and\nthe newer engine does not suffer from this bug.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03711", "scoring_system": "epss", "scoring_elements": "0.88167", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2998" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741924", "reference_id": "741924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998", "reference_id": "CVE-2011-2998", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-37", "reference_id": "mfsa2011-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1343", "reference_id": "RHSA-2011:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1344", 
"reference_id": "RHSA-2011:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2998" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-413h-nkvf-wbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88957?format=api", "vulnerability_id": "VCID-43ch-bzjt-1ycr", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70725", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3399" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-43ch-bzjt-1ycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=api", "vulnerability_id": "VCID-43q7-k9by-2uhh", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04219", "scoring_system": "epss", "scoring_elements": "0.88933", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962", "reference_id": "CVE-2012-3962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43q7-k9by-2uhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2470?format=api", "vulnerability_id": "VCID-457x-cvps-5kbr", "summary": "Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed. The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. 
Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0134", "scoring_system": "epss", "scoring_elements": "0.80311", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463234", "reference_id": "463234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065", "reference_id": "CVE-2008-4065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43", "reference_id": "mfsa2008-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-457x-cvps-5kbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2269?format=api", "vulnerability_id": "VCID-477c-8h5g-nqha", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78386", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614", "reference_id": "877614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842", "reference_id": "CVE-2012-5842", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5842" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-477c-8h5g-nqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2299?format=api", "vulnerability_id": "VCID-479a-zv6z-2feu", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. 
We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02828", "scoring_system": "epss", "scoring_elements": "0.86418", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839", "reference_id": "CVE-2012-5839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", 
"reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5839" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-479a-zv6z-2feu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2318?format=api", "vulnerability_id": "VCID-47rg-f2g6-hyff", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975", "reference_id": "CVE-2012-1975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1975" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47rg-f2g6-hyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2853?format=api", "vulnerability_id": "VCID-48bp-txah-9qbh", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.8564", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365", "reference_id": "CVE-2011-2365", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2365" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48bp-txah-9qbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2785?format=api", "vulnerability_id": "VCID-48rt-hx1w-p7ct", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700642", "reference_id": "700642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069", "reference_id": "CVE-2011-0069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48rt-hx1w-p7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2462?format=api", "vulnerability_id": "VCID-4bey-3rug-uuev", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in nsXMLDocument::OnChannelRedirect()\ncould be bypassed. This vulnerability could be used to execute JavaScript\nin the context of a different website. Firefox 3 is not affected by this issue. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30833", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463182", "reference_id": "463182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835", "reference_id": "CVE-2008-3835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38", "reference_id": "mfsa2008-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { 
"reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-3835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bey-3rug-uuev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2240?format=api", "vulnerability_id": "VCID-4ch9-f2dm-17f1", "summary": "Security researcher Masato Kinugawa found that during the\ndecoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024\nbytes are treated incorrectly, either doubling or deleting bytes. 
On certain\npages it might be possible for an attacker to pad the output of the page such\nthat these errors fall in the right place to affect the structure of the page,\nallowing for cross-site script (XSS) injection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815026", "reference_id": "815026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477", "reference_id": "CVE-2012-0477", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29", "reference_id": "mfsa2012-29", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": 
"RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ch9-f2dm-17f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2661?format=api", "vulnerability_id": "VCID-4fs2-bedf-wbg3", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. 
Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06664", "scoring_system": "epss", "scoring_elements": "0.9136", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1304" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496255", "reference_id": "496255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304", "reference_id": "CVE-2009-1304", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1304" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fs2-bedf-wbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=api", "vulnerability_id": "VCID-4fvg-h8g2-uqhk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03871", "scoring_system": "epss", "scoring_elements": "0.88428", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455", "reference_id": "615455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211", "reference_id": "CVE-2010-1211", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1211" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fvg-h8g2-uqhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2865?format=api", "vulnerability_id": "VCID-4hm6-cvca-q3dz", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05626", "scoring_system": "epss", "scoring_elements": "0.90474", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0066" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700657", "reference_id": "700657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066", "reference_id": "CVE-2011-0066", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { 
"value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0066" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hm6-cvca-q3dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2235?format=api", "vulnerability_id": "VCID-4khp-3yca-efa6", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting 
two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90885", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179", "reference_id": "CVE-2012-4179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4khp-3yca-efa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2604?format=api", "vulnerability_id": "VCID-4mej-pecf-mba2", "summary": "Firefox user zbyte reported a crash that we determined\ncould result in an exploitable memory corruption problem. In certain cases\nafter a return from a native function, such as escape(), the\nJust-in-Time (JIT) compiler could get into a corrupt state. 
This could be\nexploited by an attacker to run arbitrary code such as installing malware.\nWe would like to thank community members Lucas\nKruijswijk and Nochum Sossonko for isolating\nthe problematic script from the original crashing site.\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83306", "scoring_system": "epss", "scoring_elements": "0.99287", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477", "reference_id": "CVE-2009-2477", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html", "reference_id": "CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html" }, { "reference_url": "https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/", "reference_id": "CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb", 
"reference_id": "CVE-2009-2477;OSVDB-55846", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl", "reference_id": "CVE-2009-2477;OSVDB-55846", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-41", "reference_id": "mfsa2009-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-41" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html", "reference_id": "OSVDB-55932;CVE-2009-2478;OSVDB-55846;CVE-2009-2477", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2477" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mej-pecf-mba2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=api", "vulnerability_id": "VCID-4q1f-9mtr-4ufm", "summary": "Mozilla developers Andrew 
McCreight and Olli Pettay found that ReadPrototypeBindings will leave an XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to call a virtual method on this binding, a crash will occur. This crash may be potentially exploitable. \nFirefox 9 and earlier are not affected by this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83103", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0452" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=789506", "reference_id": "789506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452", "reference_id": "CVE-2012-0452", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-10", "reference_id": "mfsa2012-10", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-10" }, { "reference_url": "https://usn.ubuntu.com/1360-1/", "reference_id": "USN-1360-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1360-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0452" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q1f-9mtr-4ufm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2391?format=api", "vulnerability_id": "VCID-4qgz-6wnq-s3b8", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03101", "scoring_system": "epss", "scoring_elements": "0.87027", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1948" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=840201", "reference_id": "840201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948", "reference_id": "CVE-2012-1948", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1948" ], "risk_score": null, 
"exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qgz-6wnq-s3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2874?format=api", "vulnerability_id": "VCID-4s1y-4wue-qkdj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.70993", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413", "reference_id": "617413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "reference_id": "684386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4s1y-4wue-qkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2613?format=api", "vulnerability_id": "VCID-4uw5-jy37-47g7", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04866", "scoring_system": "epss", "scoring_elements": "0.89711", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765", "reference_id": "531765", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531765" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379", "reference_id": "CVE-2009-3379", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1561", "reference_id": "RHSA-2009:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1561" }, { "reference_url": "https://usn.ubuntu.com/861-1/", "reference_id": "USN-861-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/861-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3379" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uw5-jy37-47g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2289?format=api", "vulnerability_id": "VCID-4vcw-dt9x-wqdd", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. 
We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75919", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835", "reference_id": "CVE-2012-5835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": 
"RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vcw-dt9x-wqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2592?format=api", "vulnerability_id": "VCID-4vst-t6ee-4yay", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. 
Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93322", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1832" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569", "reference_id": "503569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832", "reference_id": "CVE-2009-1832", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1832" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vst-t6ee-4yay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2135?format=api", "vulnerability_id": "VCID-4w5k-qnky-ybdy", "summary": "Security researcher Sergey Glazunov reported that\nit was possible to access the locationbar property of\na window object after it had been closed. Since the\nclosed window's memory could have been subsequently\nreused by the system it was possible that an attempt to access\nthe locationbar property could result in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.903", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642283", "reference_id": "642283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180", "reference_id": "CVE-2010-3180", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-66", "reference_id": "mfsa2010-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": 
"pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3180" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5k-qnky-ybdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2124?format=api", "vulnerability_id": "VCID-4wrh-r3y9-kyb2", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted. This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer. This vulnerability does not affect Firefox 3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91381", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149", "reference_id": "578149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175", "reference_id": "CVE-2010-0175", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": 
"GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-17", "reference_id": "mfsa2010-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0175" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wrh-r3y9-kyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2125?format=api", "vulnerability_id": "VCID-4yrw-kmpa-z7dz", "summary": "Security researcher wushi of team509 reported that\nwhen a XUL tree had an HTML <div> element nested inside a\n<treechildren> element then code attempting to display content\nin the XUL tree would incorrectly treat the <div> element as a\nparent node to tree content underneath it resulting in incorrect\nindexes being calculated for the child content. These incorrect\nindexes were used in subsequent array operations which resulted in\nwriting data past the end of an allocated buffer. An attacker could\nuse this issue to crash a victim's browser and run arbitrary code on\ntheir machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.903", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660419", "reference_id": "660419", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772", "reference_id": "CVE-2010-3772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77", "reference_id": "mfsa2010-77", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-77" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yrw-kmpa-z7dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2355?format=api", "vulnerability_id": "VCID-53t6-ecve-13g2", "summary": "Mozilla community member Ms2ger reported a crash due to an\ninvalid cast when using the instanceof operator on certain types of JavaScript\nobjects. 
This can lead to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00854", "scoring_system": "epss", "scoring_elements": "0.75249", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863620", "reference_id": "863620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989", "reference_id": "CVE-2012-3989", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-80", "reference_id": "mfsa2012-80", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-80" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": 
"USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3989" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53t6-ecve-13g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2359?format=api", "vulnerability_id": "VCID-55j1-htng-9ydy", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found a heap corruption in gfxImageSurface which\nallows for invalid frees and possible remote code execution. This happens due to\nfloat error, resulting from graphics values being passed through different\nnumber systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05707", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815020", "reference_id": "815020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470", "reference_id": "CVE-2012-0470", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23", "reference_id": "mfsa2012-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-55j1-htng-9ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2160?format=api", "vulnerability_id": "VCID-58ej-gc1s-t7ha", "summary": "Security researcher Evgeny Legerov of Intevydis\nreported that the 
WOFF decoder contains an integer overflow in a\nfont decompression routine. This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font. An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system. Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09896", "scoring_system": "epss", "scoring_elements": "0.93128", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1028" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566596", "reference_id": "566596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566596" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085", "reference_id": "787085", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028", "reference_id": "CVE-2010-1028", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08", "reference_id": "mfsa2010-08", 
"reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1028" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58ej-gc1s-t7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2117?format=api", "vulnerability_id": "VCID-58qe-8axq-u3ad", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges. Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65561", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1215" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615463", "reference_id": "615463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615463" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215", "reference_id": "CVE-2010-1215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38", "reference_id": "mfsa2010-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58qe-8axq-u3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2202?format=api", "vulnerability_id": "VCID-5d21-y9nj-cqgm", "summary": "Mozilla added the OTS\nfont sanitizing library to prevent downloadable fonts from exposing\nvulnerabilities in the 
underlying OS font code. This library mitigates\nagainst several issues independently reported by Red Hat Security\nResponse Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06139", "scoring_system": "epss", "scoring_elements": "0.90944", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420", "reference_id": "660420", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768", "reference_id": "CVE-2010-3768", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-78", "reference_id": "mfsa2010-78", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-78" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": 
"RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3768" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d21-y9nj-cqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2295?format=api", "vulnerability_id": "VCID-5d9g-kv5g-27d2", "summary": "Using the Address Sanitizer tool, security researcher Aki\nHelin from OUSPG found that IDBKeyRange of indexedDB remains in the\nXPConnect hashtable instead of being unlinked before being destroyed. 
When it is\ndestroyed, this causes a use-after-free, which is potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17081", "scoring_system": "epss", "scoring_elements": "0.95105", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815019", "reference_id": "815019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469", "reference_id": "CVE-2012-0469", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22", "reference_id": "mfsa2012-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { 
"reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0469" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5d9g-kv5g-27d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=api", "vulnerability_id": "VCID-5e33-3pm6-b7e4", "summary": "Security researcher Alin Rad Pop of Secunia\nResearch reported that the HTML parser incorrectly freed used memory\nwhen insufficient space was available to process remaining input.\nUnder such circumstances, memory occupied by in-use objects was freed\nand could later be filled with attacker-controlled text. 
These\nconditions could result in the execution of arbitrary code if methods\non the freed objects were subsequently called.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91662", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1571" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050", "reference_id": "566050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571", "reference_id": "CVE-2009-1571", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03", "reference_id": "mfsa2010-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1571" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5e33-3pm6-b7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2222?format=api", "vulnerability_id": "VCID-5eu6-8wqn-8udn", "summary": "Security researchers Nicolas Grégoire and Aki\nHelin independently reported that when processing a malformed\nembedded XSLT stylesheet, Firefox can crash due to a memory corruption.\nWhile there is no evidence that this is directly exploitable, there is\na possibility of remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2012-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88544", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0449" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785966", "reference_id": "785966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449", "reference_id": "CVE-2012-0449", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08", "reference_id": "mfsa2012-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", 
"reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0449" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eu6-8wqn-8udn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72000?format=api", "vulnerability_id": "VCID-5h1q-1cv5-s3b8", "summary": "firefox: information leak due to XSLT", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56242", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1712" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=697732", "reference_id": "697732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697732" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-1712" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h1q-1cv5-s3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2876?format=api", "vulnerability_id": "VCID-5jra-q7ve-d3h8", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03926", "scoring_system": "epss", "scoring_elements": "0.88511", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652", "reference_id": "CVE-2011-3652", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": 
"mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3652" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jra-q7ve-d3h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2127?format=api", "vulnerability_id": "VCID-5mat-a9vu-nfff", "summary": "Google security researcher Robert Swiecki reported\nthat functions used by the Gopher parser to convert text to HTML tags\ncould be exploited to turn text into executable JavaScript. 
If an\nattacker could create a file or directory on a Gopher server with the\nencoded script as part of its name the script would then run in a\nvictim's browser within the context of the site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642290", "reference_id": "642290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177", "reference_id": "CVE-2010-3177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-68", "reference_id": "mfsa2010-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3177" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mat-a9vu-nfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2365?format=api", "vulnerability_id": "VCID-5ms1-cy9k-2fdb", "summary": "Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. 
The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01678", "scoring_system": "epss", "scoring_elements": "0.82475", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865286", "reference_id": "865286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191", "reference_id": "CVE-2012-4191", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88", "reference_id": "mfsa2012-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88" }, { "reference_url": "https://usn.ubuntu.com/1608-1/", "reference_id": "USN-1608-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1608-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", 
"purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4191" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ms1-cy9k-2fdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2292?format=api", "vulnerability_id": "VCID-5p1r-wxng-wbaj", "summary": "Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02253", "scoring_system": "epss", "scoring_elements": "0.84862", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4204" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877624", "reference_id": "877624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204", "reference_id": "CVE-2012-4204", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96", "reference_id": "mfsa2012-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4204" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p1r-wxng-wbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2331?format=api", "vulnerability_id": "VCID-5ppx-c568-kkc6", "summary": "Security researcher Soroush Dalili reported that a\ncombination of invoking full screen mode and navigating backwards in history\ncould, in some circumstances, cause a hang or crash due to a timing dependent\nuse-after-free pointer reference. 
This crash may be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0399", "scoring_system": "epss", "scoring_elements": "0.88604", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619", "reference_id": "863619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988", "reference_id": "CVE-2012-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-79", "reference_id": "mfsa2012-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ppx-c568-kkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2362?format=api", "vulnerability_id": "VCID-5px5-rt4z-b7fs", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. 
Both issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05074", "scoring_system": "epss", "scoring_elements": "0.89937", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3969" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922", "reference_id": "851922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969", "reference_id": "CVE-2012-3969", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", 
"reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3969" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5px5-rt4z-b7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2872?format=api", "vulnerability_id": "VCID-5q44-hdc9-tqb1", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal mapping of string values contained an\nerror in cases where the number of values being stored was above 64K.\nIn such cases an offset pointer was manually moved forwards and\nbackwards to access the larger address space. 
If an exception was\nthrown between the time that the offset pointer was moved forward and\nthe time it was reset, then the exception object would be read from an\ninvalid memory address, potentially executing attacker-controlled\nmemory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0056" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675092", "reference_id": "675092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056", "reference_id": "CVE-2011-0056", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05", "reference_id": "mfsa2011-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", 
"reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0056" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5q44-hdc9-tqb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=api", "vulnerability_id": "VCID-5ua9-4mhs-zkdj", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89464", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713", "reference_id": "546713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981", "reference_id": "CVE-2009-3981", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/873-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3981" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ua9-4mhs-zkdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2867?format=api", "vulnerability_id": "VCID-5uyz-ue98-kkbt", "summary": "Marc Schoenefeld reported a crash when using Firebug\nto profile a JavaScript file with many functions. It may be possible\nto trigger this crash without the use of debugging APIs, and if so\nthis could be exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01271", "scoring_system": "epss", "scoring_elements": "0.79829", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3650" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751933", "reference_id": "751933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650", "reference_id": "CVE-2011-3650", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": 
"GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-49", "reference_id": "mfsa2011-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3650" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5uyz-ue98-kkbt" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2386?format=api", "vulnerability_id": "VCID-5v52-h1rp-13bx", "summary": "Firefox prevents the dropping of javascript: links onto a frame\nto prevent malicious sites from tricking users into performing cross-site\nscripting (XSS) attacks on themselves. Security researcher Soroush\nDalili reported a way to bypass this protection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0455", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01144", "scoring_system": "epss", "scoring_elements": "0.78748", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0455" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803119", "reference_id": "803119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455", "reference_id": "CVE-2012-0455", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-13", "reference_id": "mfsa2012-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": 
"", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0455" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5v52-h1rp-13bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2796?format=api", "vulnerability_id": "VCID-5vwk-nwpu-gfhw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92462", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675083", "reference_id": "675083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675083" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062", "reference_id": "CVE-2011-0062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0062" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwk-nwpu-gfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2836?format=api", "vulnerability_id": "VCID-5x9v-qerc-37gg", "summary": "Security researcher Aki Helin reported a crash\nin the YARR regular expression library that could be triggered by\njavascript in web content.\nThe YARR library was not used in older versions of\nthe Mozilla browser engine. 
This vulnerability does not affect\nFirefox 3.6 or Thunderbird 3.1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04527", "scoring_system": "epss", "scoring_elements": "0.89333", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661", "reference_id": "CVE-2011-3661", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54", "reference_id": "mfsa2011-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": 
"pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3661" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5x9v-qerc-37gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2463?format=api", "vulnerability_id": "VCID-5xwh-7b2a-uydt", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nvulnerabilities in the session-restore feature by which content could be\ninjected into an incorrect document storage location, including\nstorage locations for other domains. An attacker could utilize these\nissues to violate the browser's same-origin policy and perform an XSS\nattack while SessionStore data is being restored. moz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78291", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476289", "reference_id": "476289", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513", "reference_id": "CVE-2008-5513", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-69", "reference_id": "mfsa2008-69", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5513" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xwh-7b2a-uydt" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2878?format=api", "vulnerability_id": "VCID-61aa-8jww-jbb5", "summary": "Security researcher Jordi Chancel reported that a\nJPEG image could be constructed that would be decoded incorrectly,\ncausing data to be written past the end of a buffer created to store\nthe image. An attacker could potentially craft such an image that\nwould cause malicious code to be stored in memory and then later\nexecuted on a victim's computer. Firefox 3.5 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03978", "scoring_system": "epss", "scoring_elements": "0.88592", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675095", "reference_id": "675095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061", "reference_id": "CVE-2011-0061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09", "reference_id": "mfsa2011-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61aa-8jww-jbb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2210?format=api", "vulnerability_id": "VCID-6217-dck9-hqht", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a\nmalicious NodeFilter could be created which would detach\nnodes from the DOM tree while it was being traversed. 
The use of a\ndetached and subsequently deleted node could result in the execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02213", "scoring_system": "epss", "scoring_elements": "0.84732", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615459", "reference_id": "615459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209", "reference_id": "CVE-2010-1209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36", "reference_id": "mfsa2010-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": 
"https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6217-dck9-hqht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2814?format=api", "vulnerability_id": "VCID-64g4-tpfq-7qf4", "summary": "Security researcher Martin Barbella reported that\nunder certain conditions, viewing a XUL document while JavaScript was\ndisabled caused deleted memory to be accessed. This flaw could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.XUL document support was disabled by default in\nFirefox 4 and SeaMonkey 2.1 and users of those versions are not generally\nat risk. 
It is possible for add-ons to re-enable the feature for specific\nsites (for example, to support a legacy intranet XUL application) which would\nhave introduced this vulnerability while browsing those sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03792", "scoring_system": "epss", "scoring_elements": "0.88273", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714577", "reference_id": "714577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373", "reference_id": "CVE-2011-2373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20", "reference_id": "mfsa2011-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": 
"RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64g4-tpfq-7qf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=api", "vulnerability_id": "VCID-6bkj-wqzq-5bgs", "summary": "Security researcher Chris Rohlf of Matasano\nSecurity reported that the implementation of the HTML frameset element\ncontained an integer overflow vulnerability. The code responsible for\nparsing the frameset columns used an 8-byte counter for the column\nnumbers, so when a very large number of columns was passed in the\ncounter would overflow. 
When this counter was subsequently used to\nallocate memory for the frameset, the memory buffer would be too\nsmall, potentially resulting in a heap buffer overflow and execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04021", "scoring_system": "epss", "scoring_elements": "0.88655", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630056", "reference_id": "630056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765", "reference_id": "CVE-2010-2765", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50", "reference_id": "mfsa2010-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": 
"RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2765" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bkj-wqzq-5bgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2185?format=api", "vulnerability_id": "VCID-6chh-16fh-p3a4", "summary": "Security researcher O. Andersen reported that\nundefined positions within various 8 bit character encodings are\nmapped to the sequence U+FFFD which when displayed causes the\nimmediately following character to disappear from the text run. 
This\ncould potentially contribute to XSS problems on sites which expected\nextra characters to be present within strings being sanitized on the\nserver.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58482", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615474", "reference_id": "615474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210", "reference_id": "CVE-2010-1210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44", "reference_id": "mfsa2010-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6chh-16fh-p3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2156?format=api", "vulnerability_id": "VCID-6cxk-w6ct-2qcp", "summary": "Security researcher Sergey Glazunov reported a\ndangling pointer vulnerability in the implementation\nof navigator.plugins in which the navigator\nobject could retain a pointer to the plugins array even after it had\nbeen destroyed. 
An attacker could potentially use this issue to crash\nthe browser and run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0476", "scoring_system": "epss", "scoring_elements": "0.89611", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630059", "reference_id": "630059", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767", "reference_id": "CVE-2010-2767", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51", "reference_id": "mfsa2010-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cxk-w6ct-2qcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2225?format=api", "vulnerability_id": "VCID-6ewf-t4h5-jyaf", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. 
The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920", "reference_id": "851920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967", "reference_id": "CVE-2012-3967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" 
}, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ewf-t4h5-jyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2432?format=api", "vulnerability_id": "VCID-6f2s-hecz-2yha", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. 
Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04539", "scoring_system": "epss", "scoring_elements": "0.89346", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476267", "reference_id": "476267", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501", "reference_id": "CVE-2008-5501", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": 
"RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5501" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f2s-hecz-2yha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2128?format=api", "vulnerability_id": "VCID-6m78-bdd6-vfgw", "summary": "Security researcher Gregory Fleischer reported\nthat when a Java LiveConnect script was loaded via\na data: URL which redirects via a meta refresh, then the\nresulting plugin object was created with the wrong security principal\nand thus received elevated privileges such as the abilities to read\nlocal files, launch processes, and create network connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03473", "scoring_system": "epss", "scoring_elements": "0.87752", "published_at": "2026-05-29T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2010-3775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660422", "reference_id": "660422", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775", "reference_id": "CVE-2010-3775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-79", "reference_id": "mfsa2010-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-79" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-6m78-bdd6-vfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74319?format=api", "vulnerability_id": "VCID-6mgf-gnw9-3yeg", "summary": "Thunderbird mail crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05533", "scoring_system": "epss", "scoring_elements": "0.90393", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812", "reference_id": "507812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=507812" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1134", "reference_id": "RHSA-2009:1134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mgf-gnw9-3yeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2652?format=api", "vulnerability_id": "VCID-6mxs-cd1d-qkh3", "summary": "Web developer Cefn Hoile reported that sites which\nallow users to embed third-party stylesheets are vulnerable to script\ninjection attacks using XBL bindings. While this behavior was\ndocumented previously, it was determined that this particular risk was\nnot well-understood by some websites. To mitigate this risk Mozilla\nadded a restriction that requires XBL bindings to come from the same\norigin as the bound document.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78329", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1308" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266", "reference_id": "496266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308", "reference_id": "CVE-2009-1308", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-18", "reference_id": "mfsa2009-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1308" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mxs-cd1d-qkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=api", "vulnerability_id": "VCID-6vvv-yczm-pue9", "summary": "Dirk Heinrich reported that on Windows platforms\nwhen document.write() 
was called with a very long string\na buffer overflow was caused in line breaking routines attempting to\nprocess the string for display. Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08397", "scoring_system": "epss", "scoring_elements": "0.92443", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769", "reference_id": "CVE-2010-3769", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-75", "reference_id": "mfsa2010-75", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3769" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vvv-yczm-pue9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2275?format=api", "vulnerability_id": "VCID-6w8d-f2v4-4bd4", 
"summary": "Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.76149", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628", "reference_id": "877628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841", "reference_id": "CVE-2012-5841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100", "reference_id": "mfsa2012-100", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w8d-f2v4-4bd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2183?format=api", "vulnerability_id": "VCID-72a2-1hry-zqd5", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88399", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408", "reference_id": "660408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776", "reference_id": "CVE-2010-3776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72a2-1hry-zqd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2619?format=api", "vulnerability_id": "VCID-76dz-7sqa-fqdn", "summary": "Microsoft security researchers Shuo\nChen, Ziqing Mao, Yi-Min\nWang, and Ming Zhang reported that when a\nCONNECT request is sent to a proxy server and a non-200 response is\nreturned, then the body of the response is incorrectly rendered\nwithin the context of the request Host: header. 
An\nactive network attacker could use this vulnerability to intercept a\nCONNECT request and reply with a non-200 response containing malicious\ncode which would be executed within the context of the victim's\nrequested SSL-protected domain. Since this attack requires the victim\nto have a proxy configured, the severity of this issue was determined\nto be high. Thunderbird mail messages are not vulnerable to this flaw,\nbut if Thunderbird were being used in a browser-like manner (through Add-ons,\nperhaps) and JavaScript were enabled (not the default setting) then users could\nbe vulnerable to this flaw in older versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02032", "scoring_system": "epss", "scoring_elements": "0.84085", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578", "reference_id": "503578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503578" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836", "reference_id": "CVE-2009-1836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-27", "reference_id": "mfsa2009-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76dz-7sqa-fqdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2195?format=api", "vulnerability_id": "VCID-76s6-dzts-b7b6", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. 
The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be misled as to the correct location of\nthe document they are currently viewing. Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58482", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2751" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615480", "reference_id": "615480", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751", "reference_id": "CVE-2010-2751", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2751" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76s6-dzts-b7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2314?format=api", "vulnerability_id": "VCID-7aj6-mfpj-myb3", "summary": "Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. 
These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01102", "scoring_system": "epss", "scoring_elements": "0.78348", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623", "reference_id": "863623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184", "reference_id": "CVE-2012-4184", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83", "reference_id": "mfsa2012-83", "reference_type": "", "scores": [ { 
"value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4184" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7aj6-mfpj-myb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2792?format=api", "vulnerability_id": "VCID-7brb-puuf-fya8", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700622", "reference_id": "700622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072", "reference_id": "CVE-2011-0072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7brb-puuf-fya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2193?format=api", "vulnerability_id": "VCID-7dzj-wguk-j3bs", "summary": "Morten Kråkvik of Telenor SOC reported an exploit\ntargeting particular versions of Firefox 3.6 on Windows XP that\nTelenor found while investigating an intrusion attempt on a customer\nnetwork. 
The underlying vulnerability, however, was present on both\nthe Firefox 3.5 and Firefox 3.6 development branches and affected all\nsupported platforms. Reading mail in Thunderbird does not pose a risk to\nusers, however the vulnerability is present and could be triggered in\nRSS feeds if JavaScript is enabled or by an add-on that enables\nbrowser-like functionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86773", "scoring_system": "epss", "scoring_elements": "0.99439", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3765" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0061", "reference_id": "0061", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0061" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html", "reference_id": "050061.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html", 
"reference_id": "050077.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html", "reference_id": "050154.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html", "reference_id": "050233.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114329", "reference_id": "100114329", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114329" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114335", "reference_id": "100114335", "reference_type": 
"", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114335" }, { "reference_url": "http://www.norman.com/security_center/virus_description_archive/129146/", "reference_id": "129146", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.norman.com/security_center/virus_description_archive/129146/" }, { "reference_url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/", "reference_id": "129223", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.norman.com/about_norman/press_center/news_archive/2010/129223/" }, { "reference_url": "http://www.exploit-db.com/exploits/15341", "reference_id": "15341", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15341" }, { "reference_url": "http://www.exploit-db.com/exploits/15342", "reference_id": "15342", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15342" }, { "reference_url": "http://www.exploit-db.com/exploits/15352", "reference_id": "15352", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.exploit-db.com/exploits/15352" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2837", "reference_id": "2837", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2837" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2857", "reference_id": "2857", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2857" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2864", "reference_id": "2864", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2864" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2871", "reference_id": "2871", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2871" }, { "reference_url": "http://secunia.com/advisories/41761", "reference_id": "41761", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41761" }, { "reference_url": "http://secunia.com/advisories/41965", "reference_id": "41965", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41965" }, { "reference_url": "http://secunia.com/advisories/41966", "reference_id": "41966", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41966" }, { "reference_url": "http://secunia.com/advisories/41969", "reference_id": "41969", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41969" }, { "reference_url": 
"http://secunia.com/advisories/41975", "reference_id": "41975", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/41975" }, { "reference_url": "http://secunia.com/advisories/42003", "reference_id": "42003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42003" }, { "reference_url": "http://secunia.com/advisories/42008", "reference_id": "42008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42008" }, { "reference_url": "http://secunia.com/advisories/42043", "reference_id": "42043", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://secunia.com/advisories/42043" }, { "reference_url": "http://secunia.com/advisories/42867", "reference_id": "42867", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": 
"http://secunia.com/advisories/42867" }, { "reference_url": "http://www.securityfocus.com/bid/44425", "reference_id": "44425", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securityfocus.com/bid/44425" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997", "reference_id": "646997", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=646997" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213", "reference_id": "advisories?name=MDVSA-2010:213", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:213" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219", "reference_id": "advisories?name=MDVSA-2010:219", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:219" }, { "reference_url": 
"http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/", "reference_id": "critical-vulnerability-in-firefox-3-5-and-firefox-3-6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765", "reference_id": "CVE-2010-3765", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html", "reference_id": "CVE-2010-3765;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb", "reference_id": "CVE-2010-3765;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html", "reference_id": "CVE-2010-3765;OSVDB-68921", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222", "reference_id": "CVE-2010-3765;OSVDB-68921;OSVDB-68905", "reference_type": "exploit", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { 
"value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html", "reference_id": "CVE-2010-3765;OSVDB-68921;OSVDB-68905", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html" }, { "reference_url": "http://isc.sans.edu/diary.html?storyid=9817", "reference_id": "diary.html?storyid=9817", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://isc.sans.edu/diary.html?storyid=9817" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2124", "reference_id": "dsa-2124", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.debian.org/security/2010/dsa-2124" }, { "reference_url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter", "reference_id": "en?utm_source=twitterfeed&utm_medium=twitter", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter" }, { 
"reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "http://www.securitytracker.com/id?1024645", "reference_id": "id?1024645", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024645" }, { "reference_url": "http://www.securitytracker.com/id?1024650", "reference_id": "id?1024650", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024650" }, { "reference_url": "http://www.securitytracker.com/id?1024651", "reference_id": "id?1024651", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.securitytracker.com/id?1024651" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73", "reference_id": "mfsa2010-73", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-73" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "reference_id": "mfsa2010-73.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html" }, { "reference_url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "reference_id": "multiple_vulnerabilities_in_mozilla_firefox", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A12108", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0808", "reference_id": "RHSA-2010:0808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0808" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0808.html", "reference_id": "RHSA-2010-0808.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": 
"http://www.redhat.com/support/errata/RHSA-2010-0808.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0809", "reference_id": "RHSA-2010:0809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0809" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html", "reference_id": "RHSA-2010-0809.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0809.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0810", "reference_id": "RHSA-2010:0810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0810" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html", "reference_id": "RHSA-2010-0810.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0810.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0812", "reference_id": "RHSA-2010:0812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0812" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2010-0812.html", "reference_id": "RHSA-2010-0812.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": 
"https://rhn.redhat.com/errata/RHSA-2010-0812.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html", "reference_id": "RHSA-2010-0861.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0861.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html", "reference_id": "RHSA-2010-0896.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0896.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53", "reference_id": "show_bug.cgi?id=607222#c53", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53" }, { "reference_url": "http://www.ubuntu.com/usn/usn-1011-1", "reference_id": "usn-1011-1", "reference_type": "", "scores": [ { "value": 
"9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/usn-1011-1" }, { "reference_url": "https://usn.ubuntu.com/1011-1/", "reference_id": "USN-1011-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-1/" }, { "reference_url": "https://usn.ubuntu.com/1011-2/", "reference_id": "USN-1011-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-2/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1011-2", "reference_id": "USN-1011-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1011-2" }, { "reference_url": "https://usn.ubuntu.com/1011-3/", "reference_id": "USN-1011-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1011-3/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1011-3", "reference_id": "USN-1011-3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1011-3" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "reference_id": "viewer.php?l=slackware-security&y=2010&m=slackware-security.556706", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3765" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dzj-wguk-j3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2476?format=api", "vulnerability_id": "VCID-7hxm-91q8-37de", "summary": "An anonymous security researcher reported via TippingPoint's Zero\nDay Initiative that insufficient checks were being performed to test\nwhether the Flash module was properly dynamically unloaded.\nThe researcher demonstrated that a SWF file which dynamically unloads\nitself from an outside JavaScript function can cause the browser to access\na memory address no longer mapped to the Flash module, resulting in a\ncrash. 
This crash could be used by an attacker to run arbitrary code\non a victim's computer. Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2392", "scoring_system": "epss", "scoring_elements": "0.96119", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470867", "reference_id": "470867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013", "reference_id": "CVE-2008-5013", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-49", "reference_id": "mfsa2008-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5013" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxm-91q8-37de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2395?format=api", "vulnerability_id": "VCID-7q2k-463k-ryg1", "summary": "Security researchers Jordi Chancel and Eddy\nBordi reported that they could short-circuit page loads to show the\naddress of a different site than what is loaded in the window in the addressbar.\nSecurity researcher Chris McGowen independently reported the\nsame flaw, and further demonstrated that this could lead to loading scripts from\nthe attacker's site, leaving users vulnerable to cross-site scripting (XSS)\nattacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00685", "scoring_system": "epss", "scoring_elements": "0.72001", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815024", "reference_id": "815024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474", "reference_id": "CVE-2012-0474", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27", "reference_id": "mfsa2012-27", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0474" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q2k-463k-ryg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2885?format=api", "vulnerability_id": "VCID-7q63-dfrh-wuh3", "summary": "Security researcher Mario Heiderich reported that\nHTML-encoded entities 
were being improperly decoded when displayed\ninside SVG elements. This could lead to XSS attacks on sites relying\non HTML encoding of user-supplied content. The inline SVG feature was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49116", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369", "reference_id": "CVE-2011-2369", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27", "reference_id": "mfsa2011-27", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2369" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q63-dfrh-wuh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2273?format=api", "vulnerability_id": "VCID-7st2-j9h1-mfdg", "summary": "Mozilla developer Johnny Stenback discovered that several\nmethods of a feature used for testing (DOMWindowUtils) are not protected by\nexisting security checks, allowing these methods to be called through script by\nweb pages. This was addressed by adding the existing security checks to these\nmethods.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75012", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618", "reference_id": "863618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986", "reference_id": "CVE-2012-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-77", 
"reference_id": "mfsa2012-77", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-77" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7st2-j9h1-mfdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2204?format=api", "vulnerability_id": "VCID-7vd9-7uht-j3e7", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that XUL <tree> objects could\nbe manipulated such that the setting of certain properties on the\nobject would trigger the removal of the tree from the DOM and cause\ncertain sections of deleted memory to be accessed. 
In products based on\nGecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer\nthis memory has been overwritten by a value that will cause an\nunexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5,\nThunderbird 3.0, and SeaMonkey 2.0) and older an attacker could\npotentially use this vulnerability to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90265", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3168" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630064", "reference_id": "630064", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168", "reference_id": "CVE-2010-3168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55", "reference_id": "mfsa2010-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vd9-7uht-j3e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2575?format=api", "vulnerability_id": "VCID-7vzr-cjqw-c3az", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0345", "scoring_system": "epss", "scoring_elements": "0.87715", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128", "reference_id": "512128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462", "reference_id": "CVE-2009-2462", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2462" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vzr-cjqw-c3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2632?format=api", "vulnerability_id": "VCID-7w8b-kkj8-efg1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0678", "scoring_system": "epss", "scoring_elements": "0.91448", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483141", "reference_id": "483141", "reference_type": "", "scores": 
[], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483141" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353", "reference_id": "CVE-2009-0353", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01", "reference_id": "mfsa2009-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0353" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-7w8b-kkj8-efg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2626?format=api", "vulnerability_id": "VCID-7xf8-83su-tuet", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03012", "scoring_system": "epss", "scoring_elements": "0.8682", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2664" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618341", "reference_id": "1618341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664", "reference_id": "CVE-2009-2664", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xf8-83su-tuet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2850?format=api", "vulnerability_id": "VCID-83vx-q5b9-pfax", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86512", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375", "reference_id": "CVE-2011-2375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83vx-q5b9-pfax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2857?format=api", "vulnerability_id": "VCID-84n5-7t1b-e3de", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG\nimplementation could result in an out-of-bounds memory access if\nSVG elements were removed during a DOMAttrModified event handler.\nThis vulnerability does not affect products prior to Firefox 8\nand SeaMonkey 2.5. 
Thunderbird 8 users would be vulnerable only if\nusing a browser-like feature that allowed scripts to run; users\nare not at risk while reading mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75876", "scoring_system": "epss", "scoring_elements": "0.98934", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3658" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658", "reference_id": "CVE-2011-3658", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb", "reference_id": "CVE-2011-3658;OSVDB-77953", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-12-056/", "reference_id": "CVE-2011-3658;OSVDB-77953", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-056/" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55", "reference_id": "mfsa2011-55", 
"reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3658" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84n5-7t1b-e3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=api", "vulnerability_id": "VCID-88qm-sqq1-g3ck", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02371", "scoring_system": "epss", "scoring_elements": "0.85213", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376", "reference_id": "CVE-2011-2376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88qm-sqq1-g3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2229?format=api", "vulnerability_id": "VCID-8ajm-cdtz-gbe6", "summary": "Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. 
\nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01406", "scoring_system": "epss", "scoring_elements": "0.80782", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865215", "reference_id": "865215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193", "reference_id": "CVE-2012-4193", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89", "reference_id": "mfsa2012-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1361", "reference_id": "RHSA-2012:1361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1362", "reference_id": "RHSA-2012:1362", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:1362" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4193" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ajm-cdtz-gbe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2663?format=api", "vulnerability_id": "VCID-8bcy-rzxv-pbcy", "summary": "Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a local document's domain was being\ncalculated incorrectly from its URL. If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer. 
Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01548", "scoring_system": "epss", "scoring_elements": "0.81704", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1835" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576", "reference_id": "503576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835", "reference_id": "CVE-2009-1835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26", "reference_id": "mfsa2009-26", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { 
"reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bcy-rzxv-pbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2363?format=api", "vulnerability_id": "VCID-8c5a-phhj-6kek", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. 
Both issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02745", "scoring_system": "epss", "scoring_elements": "0.86233", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922", "reference_id": "851922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970", "reference_id": "CVE-2012-3970", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", 
"reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c5a-phhj-6kek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2191?format=api", "vulnerability_id": "VCID-8dat-6cwu-cbfh", "summary": "Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser. 
This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03519", "scoring_system": "epss", "scoring_elements": "0.87843", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578154", "reference_id": "578154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178", "reference_id": "CVE-2010-0178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20", "reference_id": "mfsa2010-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://usn.ubuntu.com/920-1/", 
"reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dat-6cwu-cbfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2200?format=api", "vulnerability_id": "VCID-8djv-agez-ekdf", "summary": "Security researcher Marc Schoenefeld reported that\na specially crafted font could be applied to a document and cause a\ncrash on Mac systems. 
The crash showed signs of memory corruption and\npresumably could be used by an attacker to execute arbitrary code on a\nvictim's computer.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86663", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770", "reference_id": "CVE-2010-2770", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58", "reference_id": "mfsa2010-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2770" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8djv-agez-ekdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2190?format=api", "vulnerability_id": "VCID-8f9d-wjv2-8kfj", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03507", "scoring_system": "epss", "scoring_elements": "0.87824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147", "reference_id": "578147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174", "reference_id": "CVE-2010-0174", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0174" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8f9d-wjv2-8kfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88952?format=api", "vulnerability_id": "VCID-8gvs-b724-9yfd", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71187", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6961" }, { 
"reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-6961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gvs-b724-9yfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2171?format=api", "vulnerability_id": "VCID-8j92-vm1q-kqbk", "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random(). Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites. Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user. 
This additional variant is\nidentified as CVE-2010-3171.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00434", "scoring_system": "epss", "scoring_elements": "0.63115", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938", "reference_id": "480938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913", "reference_id": "CVE-2008-5913", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33", "reference_id": "mfsa2010-33", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", 
"reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5913" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8j92-vm1q-kqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2231?format=api", "vulnerability_id": "VCID-8qn7-4rcc-v7bx", "summary": "Security researcher vsemozhetbyt reported that when the\nDOMParser is used to parse text/html data in a Firefox extension, linked\nresources within this HTML data will be loaded. 
If the data being parsed in the\nextension is untrusted, it could lead to information leakage and can\npotentially be combined with other attacks to become exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00923", "scoring_system": "epss", "scoring_elements": "0.76332", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3975" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851929", "reference_id": "851929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975", "reference_id": "CVE-2012-3975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68", "reference_id": "mfsa2012-68", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3975" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qn7-4rcc-v7bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2627?format=api", "vulnerability_id": "VCID-8sxb-49bw-g3fn", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. 
An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0205", "scoring_system": "epss", "scoring_elements": "0.84152", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546722", "reference_id": "546722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984", "reference_id": "CVE-2009-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sxb-49bw-g3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2825?format=api", "vulnerability_id": "VCID-8x81-ek8m-rbbh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17825", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980", "reference_id": "CVE-2011-2980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8x81-ek8m-rbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2290?format=api", "vulnerability_id": "VCID-8zph-aky5-aycp", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77552", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877945", "reference_id": "877945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838", "reference_id": "CVE-2012-5838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5838" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zph-aky5-aycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2268?format=api", "vulnerability_id": "VCID-94h3-jftn-tqg2", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01532", "scoring_system": "epss", "scoring_elements": "0.81622", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5843" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877613", "reference_id": "877613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877613" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843", "reference_id": "CVE-2012-5843", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5843" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94h3-jftn-tqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2336?format=api", "vulnerability_id": "VCID-94xc-pjbs-ckar", "summary": "Mozilla community member Ms2ger found an image rendering\nissue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects.\nThis can lead to a crash on a maliciously crafted web page. 
While there is no\nevidence that this is directly exploitable, there is a possibility of remote\ncode execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0478", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00753", "scoring_system": "epss", "scoring_elements": "0.73509", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815037", "reference_id": "815037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478", "reference_id": "CVE-2012-0478", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30", "reference_id": "mfsa2012-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0478" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94xc-pjbs-ckar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2372?format=api", "vulnerability_id": "VCID-99nn-nb21-pyaz", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01275", "scoring_system": "epss", "scoring_elements": "0.79855", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614", "reference_id": "863614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982", "reference_id": "CVE-2012-3982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-74", "reference_id": "mfsa2012-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": 
"RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99nn-nb21-pyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2308?format=api", "vulnerability_id": "VCID-9bde-enk3-9kbq", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, writes to\nlocation.hash can be used in concert with scripted history\nnavigation to cause a specific website to be loaded into the history object. 
The\nbaseURI can then be changed to this stored site, allowing an attacker to inject\na script or intercept data posted to a location specified with a relative\npath.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78694", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624", "reference_id": "863624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992", "reference_id": "CVE-2012-3992", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-84", "reference_id": "mfsa2012-84", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-84" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3992" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9bde-enk3-9kbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2458?format=api", "vulnerability_id": "VCID-9d41-nsk6-sufx", "summary": "Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to\nstore cookie-like information on a user's computer which could later\nbe read by a website. This creates a privacy issue for users who have\na non-standard cookie preference and wish to prevent sites from\nsetting cookies on their machine. Even with cookies turned off, this\nissue could be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions. 
Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00833", "scoring_system": "epss", "scoring_elements": "0.74898", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5505" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476274", "reference_id": "476274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505", "reference_id": "CVE-2008-5505", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-63", "reference_id": "mfsa2008-63", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5505" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d41-nsk6-sufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=api", "vulnerability_id": "VCID-9f3w-zp9z-3yc7", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08287", "scoring_system": "epss", "scoring_elements": "0.92369", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982", "reference_id": "CVE-2009-3982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f3w-zp9z-3yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2815?format=api", "vulnerability_id": "VCID-9f45-79mn-3ug8", "summary": "Yosuke Hasegawa reported that the Mozilla browser engine\nmishandled invalid sequences in the Shift-JIS encoding. When encountering an\ninvalid pair Mozilla would turn the entire two-byte sequence into a single\nunknown character rather than an unknown character followed by a valid\nsingle-byte character. On some sites attackers may have been able to\nend their input with the first byte of a two byte sequence; when that\ninput was later put into a page context it might cause the following\ndelimiter (such as a double-quote) to be consumed, breaking the format\nof the page. 
Depending on the page this could potentially be used to\nsteal data or inject script into the page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56853", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751932", "reference_id": "751932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648", "reference_id": "CVE-2011-3648", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47", "reference_id": "mfsa2011-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1437", "reference_id": "RHSA-2011:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1438", "reference_id": "RHSA-2011:1438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1438" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2011:1439", "reference_id": "RHSA-2011:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1440", "reference_id": "RHSA-2011:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1440" }, { "reference_url": "https://usn.ubuntu.com/1251-1/", "reference_id": "USN-1251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1251-1/" }, { "reference_url": "https://usn.ubuntu.com/1254-1/", "reference_id": "USN-1254-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1254-1/" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3648" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f45-79mn-3ug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2456?format=api", "vulnerability_id": "VCID-9fbv-p14w-quch", "summary": "Security researcher Chris Evans reported an error\nin the method used to parse the default namespace in an E4X document.\nThe error was caused by quote characters in the namespace not being\nproperly escaped. 
The severity of this issue was determined to be\nlow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07219", "scoring_system": "epss", "scoring_elements": "0.91734", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5024" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470902", "reference_id": "470902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024", "reference_id": "CVE-2008-5024", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-58", "reference_id": "mfsa2008-58", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5024" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fbv-p14w-quch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2631?format=api", "vulnerability_id": "VCID-9k9z-m4gr-gkc6", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08533", "scoring_system": "epss", "scoring_elements": "0.92509", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483139", "reference_id": "483139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352", 
"reference_id": "CVE-2009-0352", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01", "reference_id": "mfsa2009-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0352" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-9k9z-m4gr-gkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2590?format=api", "vulnerability_id": "VCID-9km7-m142-abbt", "summary": "Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body. An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03024", "scoring_system": "epss", "scoring_elements": "0.86853", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168", "reference_id": "530168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376", "reference_id": "CVE-2009-3376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62", "reference_id": 
"mfsa2009-62", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9km7-m142-abbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2788?format=api", "vulnerability_id": "VCID-9qs9-ys17-v3bg", "summary": "Mozilla developers identified and 
fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700617", "reference_id": "700617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074", "reference_id": "CVE-2011-0074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qs9-ys17-v3bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2165?format=api", "vulnerability_id": "VCID-9ubz-x94a-w3dr", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other 
Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27259", "scoring_system": "epss", "scoring_elements": "0.96485", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576698", "reference_id": "576698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167", "reference_id": "CVE-2010-0167", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt", "reference_id": "CVE-2010-0167;OSVDB-63267", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt" }, { "reference_url": "https://www.securityfocus.com/bid/38944/info", "reference_id": "CVE-2010-0167;OSVDB-63267", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38944/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", 
"reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ubz-x94a-w3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2879?format=api", "vulnerability_id": "VCID-9xyn-fzdn-3qen", "summary": "Security researcher Zach Hoffman reported that a\nrecursive call to eval() wrapped in\na try/catch statement places the browser into a\ninconsistent state. Any dialog box opened in this state is displayed\nwithout text and with non-functioning buttons. Closing the window\ncauses the dialog to evaluate to true. 
An attacker could use this\nissue to force a user into accepting any dialog, such as one granting\nelevated privileges to the page presenting the dialog.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76695", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675087", "reference_id": "675087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051", "reference_id": "CVE-2011-0051", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02", "reference_id": "mfsa2011-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0312", "reference_id": "RHSA-2011:0312", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0051" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyn-fzdn-3qen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2345?format=api", "vulnerability_id": "VCID-a1hg-12wv-a7h5", "summary": "Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. 
This issue is potentially exploitable and could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87797", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615", "reference_id": "877615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202", "reference_id": "CVE-2012-4202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92", "reference_id": "mfsa2012-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": 
"https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1hg-12wv-a7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2649?format=api", "vulnerability_id": "VCID-a23w-uvk3-d7g8", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0585", "scoring_system": "epss", "scoring_elements": "0.9069", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381", "reference_id": "CVE-2009-3381", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3381" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a23w-uvk3-d7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2481?format=api", 
"vulnerability_id": "VCID-a28h-p654-8bgm", "summary": "Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes. Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol. The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02059", "scoring_system": "epss", "scoring_elements": "0.84185", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463246", "reference_id": "463246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463246" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067", "reference_id": "CVE-2008-4067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44", "reference_id": "mfsa2008-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-44" }, { "reference_url":
"https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a28h-p654-8bgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2186?format=api", "vulnerability_id": "VCID-a2pm-eupm-dfaq", "summary": "Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content. 
This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons. This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01301", "scoring_system": "epss", "scoring_elements": "0.80044", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580", "reference_id": "586580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182", "reference_id": "CVE-2010-0182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24", "reference_id": "mfsa2010-24", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type":
"", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2pm-eupm-dfaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2420?format=api", "vulnerability_id": "VCID-a59b-rr52-b3hs", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. 
Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17422", "scoring_system": "epss", "scoring_elements": "0.9518", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470883", "reference_id": "470883", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017", "reference_id": "CVE-2008-5017", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": 
"RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a59b-rr52-b3hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2377?format=api", "vulnerability_id": "VCID-a6uw-zff3-n3e6", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79623", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938", "reference_id": "CVE-2012-1938", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34", "reference_id": "mfsa2012-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": 
"RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1938" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6uw-zff3-n3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2426?format=api", "vulnerability_id": "VCID-a85v-byy9-vqf7", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. 
This vulnerability only affected Firefox 3. David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02287", "scoring_system": "epss", "scoring_elements": "0.84962", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4064" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463204", "reference_id": "463204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064", "reference_id": "CVE-2008-4064", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4064" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a85v-byy9-vqf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2315?format=api", "vulnerability_id": "VCID-a89m-g6m7-tqbr", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972", "reference_id": "CVE-2012-1972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a89m-g6m7-tqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2662?format=api", "vulnerability_id": "VCID-a8hd-tfek-8yfa", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. 
Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04708", "scoring_system": "epss", "scoring_elements": "0.89536", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256", "reference_id": "496256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305", "reference_id": "CVE-2009-1305", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": 
"RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1305" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8hd-tfek-8yfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2142?format=api", "vulnerability_id": "VCID-a97g-r4rk-sqb3", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04334", "scoring_system": "epss", "scoring_elements": "0.89085", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1200" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804", "reference_id": "590804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200", "reference_id": "CVE-2010-1200", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1200" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a97g-r4rk-sqb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=api", "vulnerability_id": "VCID-a9xv-yc56-c3ca", "summary": "Using the Address Sanitizer tool, Mozilla security researcher\nChristoph Diehl discovered two memory corruption issues\ninvolving the Graphite 2 library used in Mozilla products. 
Both of these issues\ncan cause a potentially exploitable crash. These problems were fixed in the\nGraphite 2 library, which has been updated for Mozilla products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03136", "scoring_system": "epss", "scoring_elements": "0.87099", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851923", "reference_id": "851923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971", "reference_id": "CVE-2012-3971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64", "reference_id": "mfsa2012-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9xv-yc56-c3ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2150?format=api", "vulnerability_id": "VCID-aa94-6k3c-gua9", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05442", "scoring_system": "epss", "scoring_elements": "0.90311", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391", "reference_id": "576391", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163", "reference_id": "CVE-2010-0163", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aa94-6k3c-gua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2130?format=api", "vulnerability_id": "VCID-aejk-rng6-r3dj", "summary": "Mozilla developer Josh Soref of Nokia reported that\ndocuments failed to call certain security checks when attempting to\npreload images. 
Although the image content is not available to the page, it\nis possible to specify protocols that are normally not allowed in a web page\nsuch as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something like a\nCross-Site Request Forgery (CSRF) attack against the add-on. Potential severity\nwould depend on the add-ons installed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12288", "scoring_system": "epss", "scoring_elements": "0.93978", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168", "reference_id": "CVE-2010-0168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html", "reference_id": "CVE-2010-0168;OSVDB-63269", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html" }, { "reference_url": "https://www.securityfocus.com/bid/38927/info", "reference_id": "CVE-2010-0168;OSVDB-63269", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/38927/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13", "reference_id": "mfsa2010-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aejk-rng6-r3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2601?format=api", "vulnerability_id": "VCID-af65-mt6s-m7gm", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03163", "scoring_system": "epss", "scoring_elements": "0.87139", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687", "reference_id": "521687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071", "reference_id": "CVE-2009-3071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af65-mt6s-m7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74261?format=api", "vulnerability_id": "VCID-ag3v-an3r-dkhn", "summary": "firefox 3.5 various flaws", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11193", "scoring_system": "epss", "scoring_elements": "0.93616", "published_at": 
"2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228", "reference_id": "511228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511228" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html", "reference_id": "OSVDB-55931;CVE-2009-2479", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2479" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ag3v-an3r-dkhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2337?format=api", "vulnerability_id": "VCID-aj7f-gyqy-c7d2", "summary": "Security researcher Collin Jackson reported a violation of\nthe HTML5 specifications for document.domain behavior. Specified\nbehavior requires pages to only have access to windows in a new\ndocument.domain but the observed violation allowed pages to retain\naccess to windows from the page's initial origin in addition to the new\ndocument.domain. 
This could potentially lead to cross-site\nscripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00924", "scoring_system": "epss", "scoring_elements": "0.76347", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863617", "reference_id": "863617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985", "reference_id": "CVE-2012-3985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-76", "reference_id": "mfsa2012-76", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-76" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", 
"reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aj7f-gyqy-c7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2360?format=api", "vulnerability_id": "VCID-an8x-4b2f-cket", "summary": "Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. 
This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01959", "scoring_system": "epss", "scoring_elements": "0.83793", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616", "reference_id": "877616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201", "reference_id": "CVE-2012-4201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93", "reference_id": "mfsa2012-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an8x-4b2f-cket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2309?format=api", "vulnerability_id": "VCID-and6-s8wt-rkfc", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. 
This can cause a crash during decoding and has\nthe potential for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08973", "scoring_system": "epss", "scoring_elements": "0.92732", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197", "reference_id": "664197", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196", "reference_id": "669196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026", "reference_id": "786026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444", "reference_id": "CVE-2012-0444", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07", "reference_id": "mfsa2012-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0136", "reference_id": "RHSA-2012:0136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0136" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" }, { "reference_url": "https://usn.ubuntu.com/1370-1/", "reference_id": "USN-1370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1370-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0444" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-and6-s8wt-rkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2367?format=api", "vulnerability_id": "VCID-ane4-965q-wfh8", "summary": "Security researcher Robert Kugler reported that when a specifically named DLL file 
on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. \nAdditional vulnerable DLL file names were found and fixed in Firefox 18.0, Firefox ESR 17.0.1, and Firefox ESR 10.0.12 releases.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37402", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206", "reference_id": "CVE-2012-4206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98", "reference_id": "mfsa2012-98", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ane4-965q-wfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2473?format=api", "vulnerability_id": "VCID-ap5q-gg9g-43fb", "summary": "Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03669", "scoring_system": "epss", "scoring_elements": "0.88092", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463189", "reference_id": "463189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837", "reference_id": "CVE-2008-3837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-40", "reference_id": "mfsa2008-40", "reference_type": "", "scores": [ { "value": "low", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-3837" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ap5q-gg9g-43fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88949?format=api", "vulnerability_id": "VCID-arxf-63u9-bbhw", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06763", "scoring_system": "epss", "scoring_elements": "0.91438", "published_at": "2026-05-29T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2007-2671" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html", "reference_id": "CVE-2007-2671;OSVDB-35700", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html" }, { "reference_url": "https://www.securityfocus.com/bid/23747/info", "reference_id": "CVE-2007-2671;OSVDB-35700", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/23747/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2007-2671" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arxf-63u9-bbhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2817?format=api", "vulnerability_id": "VCID-asue-vdvw-47b4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02496", "scoring_system": "epss", "scoring_elements": "0.85566", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2982" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=730518", "reference_id": "730518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982", "reference_id": "CVE-2011-2982", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1165", "reference_id": "RHSA-2011:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1167", "reference_id": "RHSA-2011:1167", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:1167" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asue-vdvw-47b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2266?format=api", "vulnerability_id": "VCID-atd3-6j8b-4ygt", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97981", "published_at": "2026-05-29T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2012-4188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188", "reference_id": "CVE-2012-4188", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4188" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atd3-6j8b-4ygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2264?format=api", "vulnerability_id": "VCID-atww-ctz6-23fg", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52507", "scoring_system": "epss", "scoring_elements": "0.97981", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4186" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186", "reference_id": "CVE-2012-4186", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4186" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atww-ctz6-23fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2648?format=api", "vulnerability_id": "VCID-auq4-xkn6-3fc9", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0364", "scoring_system": "epss", "scoring_elements": "0.8804", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567", "reference_id": "530567", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380", "reference_id": "CVE-2009-3380", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-auq4-xkn6-3fc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2599?format=api", "vulnerability_id": "VCID-avuv-znfu-wff5", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05238", "scoring_system": "epss", "scoring_elements": "0.90108", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521684", "reference_id": "521684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069", "reference_id": "CVE-2009-3069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], 
"aliases": [ "CVE-2009-3069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avuv-znfu-wff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2404?format=api", "vulnerability_id": "VCID-awgw-xs6s-pufr", "summary": "Mozilla developer Boris Zbarsky reported that XBL\n bindings could be used to read data from other domains, a violation\n of the same-origin policy. The severity of this issue was determined\n to be moderate due to several mitigating factors:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79504", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5503" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476272", "reference_id": "476272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503", "reference_id": "CVE-2008-5503", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-61", "reference_id": "mfsa2008-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2008-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5503" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awgw-xs6s-pufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2368?format=api", "vulnerability_id": "VCID-ax4n-ycz1-2kfk", "summary": "Security Researcher Matt McCutchen reported that a\nclickjacking attack using the certificate warning page. 
A man-in-the-middle\n(MITM) attacker can use an iframe to display its own certificate error warning\npage (about:certerror) with the \"Add Exception\" button of a real warning page\nfrom a malicious site. This can mislead users into adding a certificate exception\nfor a different site than the perceived one. This can lead to compromised\ncommunications with the user-perceived site through the MITM attack once the\ncertificate exception has been added.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00901", "scoring_system": "epss", "scoring_elements": "0.76022", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222", "reference_id": "840222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964", "reference_id": "CVE-2012-1964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54", "reference_id": "mfsa2012-54", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1964" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax4n-ycz1-2kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2197?format=api", "vulnerability_id": "VCID-aykv-pwdn-rkb6", "summary": "Mozilla developers identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02476", "scoring_system": "epss", "scoring_elements": "0.85525", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047", "reference_id": "566047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159", "reference_id": "CVE-2010-0159", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01", "reference_id": "mfsa2010-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": "RHSA-2010:0113", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0159" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aykv-pwdn-rkb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2887?format=api", "vulnerability_id": "VCID-azf5-cjq7-6uc1", "summary": "Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. 
If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0159", "scoring_system": "epss", "scoring_elements": "0.81939", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002", "reference_id": "CVE-2011-3002", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41", "reference_id": "mfsa2011-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3002" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-azf5-cjq7-6uc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2642?format=api", "vulnerability_id": "VCID-azu7-x774-kfdz", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07679", "scoring_system": "epss", "scoring_elements": "0.92024", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488272", "reference_id": "488272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771", "reference_id": "CVE-2009-0771", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0771" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azu7-x774-kfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2581?format=api", "vulnerability_id": "VCID-b31y-7bzb-9ufb", "summary": "Security researcher Jeremy Brown reported that the\nfile naming scheme used for downloading a file which already exists in\nthe downloads folder is predictable. If an attacker had local access\nto a victim's computer and knew the name of a file the victim intended\nto open through the Download Manager, he could use this vulnerability\nto place a malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it. 
Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3376", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815", "reference_id": "524815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274", "reference_id": "CVE-2009-3274", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53", "reference_id": "mfsa2009-53", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3274" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b31y-7bzb-9ufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2217?format=api", "vulnerability_id": "VCID-b3p1-qqys-9udq", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0276", "scoring_system": "epss", "scoring_elements": "0.8626", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443", "reference_id": "CVE-2012-0443", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0443" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3p1-qqys-9udq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2364?format=api", "vulnerability_id": "VCID-b7t8-kqn7-jfcm", "summary": "Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08531", "scoring_system": "epss", "scoring_elements": "0.92508", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=872753", "reference_id": "872753", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=872753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190", "reference_id": "CVE-2012-4190", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88", "reference_id": "mfsa2012-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4190" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7t8-kqn7-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2333?format=api", "vulnerability_id": "VCID-bb7c-gufb-ybat", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00873", "scoring_system": "epss", "scoring_elements": "0.75549", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1970" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851909", "reference_id": "851909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970", "reference_id": "CVE-2012-1970", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": 
"RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bb7c-gufb-ybat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2287?format=api", "vulnerability_id": "VCID-bc4u-zpu7-bbgx", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75362", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830", "reference_id": "CVE-2012-5830", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": 
"RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5830" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bc4u-zpu7-bbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2854?format=api", "vulnerability_id": "VCID-bcbh-azrk-fqe7", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products. These vulnerabilities did not affect the older browser engine used\nprior to Firefox 4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88535", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660", "reference_id": "CVE-2011-3660", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53", "reference_id": "mfsa2011-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53" }, { 
"reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3660" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcbh-azrk-fqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2609?format=api", "vulnerability_id": "VCID-bdw1-fw83-q7ac", "summary": "Security researcher Guido Landi discovered that an\nXSL stylesheet could be used to crash the browser during an XSL\ntransformation. An attacker could potentially use this crash to run\narbitrary code on a victim's computer. This vulnerability was also previously reported as a stability\nproblem by Ubuntu community member, Andre. 
Ubuntu\ncommunity member Michael Rooney reported Andre's\nfindings to Mozilla, and Mozilla community member Martin\nhelped reduce Andre's original testcase and contributed a patch to fix\nthe vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37495", "scoring_system": "epss", "scoring_elements": "0.9726", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=492211", "reference_id": "492211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169", "reference_id": "CVE-2009-1169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-12", "reference_id": "mfsa2009-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-12" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt", "reference_id": "OSVDB-53079;CVE-2009-1169", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0397", "reference_id": "RHSA-2009:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0398", "reference_id": "RHSA-2009:0398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0398" }, { "reference_url": "https://usn.ubuntu.com/745-1/", "reference_id": "USN-745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdw1-fw83-q7ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2835?format=api", "vulnerability_id": "VCID-beyj-rs2t-8kgv", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nan internal privilege check failed to respect the NoWaiverWrappers introduced\nwith Firefox 4. 
This could result in elevated privilege being granted to web content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00939", "scoring_system": "epss", "scoring_elements": "0.76544", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3655" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655", "reference_id": "CVE-2011-3655", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-52", "reference_id": "mfsa2011-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-52" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3655" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beyj-rs2t-8kgv" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=api", "vulnerability_id": "VCID-bez8-mm4d-pqf3", "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random(). Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites. Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user. This additional variant is\nidentified as CVE-2010-3171.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08698", "scoring_system": "epss", "scoring_elements": "0.92607", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171", "reference_id": "CVE-2010-3171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c", "reference_id": "CVE-2010-3171;OSVDB-53341", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c" }, { "reference_url": "https://www.securityfocus.com/bid/43222/info", "reference_id": "CVE-2010-3171;OSVDB-53341", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/43222/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33", "reference_id": "mfsa2010-33", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bez8-mm4d-pqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2664?format=api", "vulnerability_id": "VCID-bf3g-e7fs-t3g4", "summary": "Bjoern Hoehrmann and security researcher Moxie\nMarlinspike independently reported\nthat Unicode box drawing characters were allowed in Internationalized\nDomain Names (IDN) where they could be visually confused with\npunctuation used in valid web addresses. 
This could be combined with\na phishing-type scam to trick a victim into thinking they were on a\ndifferent website than they actually were.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02133", "scoring_system": "epss", "scoring_elements": "0.84459", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0652" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=486704", "reference_id": "486704", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=486704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652", "reference_id": "CVE-2009-0652", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-15", "reference_id": "mfsa2009-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0652" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf3g-e7fs-t3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2181?format=api", "vulnerability_id": "VCID-bgku-whvs-rkdg", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the fix\nfor CVE-2010-0179\ncould be circumvented permitting the execution of arbitrary JavaScript\nwith chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77786", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660435", "reference_id": "660435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773", "reference_id": "CVE-2010-3773", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgku-whvs-rkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2597?format=api", "vulnerability_id": "VCID-bhha-rf3c-dkdn", "summary": "Mozilla security researcher Georgi Guninski\nreported that a website could use nsIRDFService and a\ncross-domain redirect to steal arbitrary XML data from another domain,\na violation of the same-origin policy. 
This vulnerability could be\nused by a malicious website to steal private data from users\nauthenticated to the redirected website. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00865", "scoring_system": "epss", "scoring_elements": "0.75427", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488290", "reference_id": "488290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776", "reference_id": "CVE-2009-0776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-09", "reference_id": "mfsa2009-09", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhha-rf3c-dkdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2212?format=api", "vulnerability_id": "VCID-bhv2-kaa4-u3hr", "summary": "A memory corruption flaw leading to code execution was reported by\nsecurity researcher Nils of MWR InfoSecurity during the\n2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative.\nBy moving DOM nodes between documents Nils found a case where the 
moved\nnode incorrectly retained its old scope. If garbage collection could\nbe triggered at the right time then Firefox would later use this freed\nobject. The contest winning exploit only affects Firefox 3.6\nand not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and\nThunderbird 3.0 based on earlier versions of the browser\nengine were patched just in case there\nis an alternate way of triggering the underlying flaw.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0465", "scoring_system": "epss", "scoring_elements": "0.89465", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1121" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029", "reference_id": "577029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121", "reference_id": "CVE-2010-1121", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-25", "reference_id": "mfsa2010-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-25" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1121" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhv2-kaa4-u3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2136?format=api", "vulnerability_id": "VCID-bkqh-bg7u-mug1", "summary": "Microsoft Vulnerability Research reported that two\nplugin instances could interact in a way in which one plugin gets a\nreference to an object owned by a second plugin and continues to hold\nthat reference after the second plugin is unloaded and its object is\ndestroyed. 
In these cases, the first plugin would contain a pointer\nto freed memory which, if accessed, could be used by an attacker to\nexecute arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05287", "scoring_system": "epss", "scoring_elements": "0.90154", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1198" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828", "reference_id": "590828", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198", "reference_id": "CVE-2010-1198", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-28", "reference_id": "mfsa2010-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1198" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqh-bg7u-mug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2339?format=api", "vulnerability_id": "VCID-bmcs-22gj-nbeq", "summary": "Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. 
This crash may be potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03664", "scoring_system": "epss", "scoring_elements": "0.88084", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851918", "reference_id": "851918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966", "reference_id": "CVE-2012-3966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61", "reference_id": "mfsa2012-61", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", 
"reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmcs-22gj-nbeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2344?format=api", "vulnerability_id": "VCID-bqd9-snzc-b7fj", "summary": "An integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. 
This leads to a\ncrash, which may be potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43757", "scoring_system": "epss", "scoring_elements": "0.97586", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3026" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=790737", "reference_id": "790737", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026", "reference_id": "CVE-2011-3026", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-11", "reference_id": "mfsa2012-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0140", "reference_id": "RHSA-2012:0140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0140" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:0141", "reference_id": "RHSA-2012:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0142", "reference_id": "RHSA-2012:0142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0143", "reference_id": "RHSA-2012:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0317", "reference_id": "RHSA-2012:0317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0317" }, { "reference_url": "https://usn.ubuntu.com/1367-1/", "reference_id": "USN-1367-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-1/" }, { "reference_url": "https://usn.ubuntu.com/1367-2/", "reference_id": "USN-1367-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-2/" }, { "reference_url": "https://usn.ubuntu.com/1367-3/", "reference_id": "USN-1367-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-3/" }, { "reference_url": "https://usn.ubuntu.com/1367-4/", "reference_id": "USN-1367-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1367-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqd9-snzc-b7fj" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2578?format=api", "vulnerability_id": "VCID-brj2-m46s-5yb8", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05821", "scoring_system": "epss", "scoring_elements": "0.90662", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136", "reference_id": "512136", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466", "reference_id": "CVE-2009-2466", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2466" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brj2-m46s-5yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2343?format=api", "vulnerability_id": "VCID-bs5a-44n6-tug1", "summary": "Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. 
This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03834", "scoring_system": "epss", "scoring_elements": "0.88353", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877633", "reference_id": "877633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210", "reference_id": "CVE-2012-4210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-104", "reference_id": "mfsa2012-104", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bs5a-44n6-tug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80811?format=api", "vulnerability_id": "VCID-bt4y-zzfb-3kbc", "summary": "Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05951", "scoring_system": "epss", "scoring_elements": "0.90784", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html", "reference_id": "CVE-2009-2044;OSVDB-56471", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html" }, { "reference_url": "https://www.securityfocus.com/bid/35280/info", "reference_id": "CVE-2009-2044;OSVDB-56471", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35280/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], 
"url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt4y-zzfb-3kbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2787?format=api", "vulnerability_id": "VCID-bv7y-5uve-5ffk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02514", "scoring_system": "epss", "scoring_elements": "0.8564", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0080" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700677", "reference_id": "700677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080", "reference_id": "CVE-2011-0080", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0080" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bv7y-5uve-5ffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2300?format=api", "vulnerability_id": "VCID-bvph-4hqk-u3ah", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02337", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840", "reference_id": "CVE-2012-5840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": 
"RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5840" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvph-4hqk-u3ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2888?format=api", "vulnerability_id": "VCID-bw9h-t8jr-zfac", "summary": "Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. 
If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01512", "scoring_system": "epss", "scoring_elements": "0.81504", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003", "reference_id": "CVE-2011-3003", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41", "reference_id": "mfsa2011-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-41" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3003" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw9h-t8jr-zfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2621?format=api", "vulnerability_id": "VCID-c141-m4yb-zkf3", "summary": "Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property. Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01982", "scoring_system": "epss", "scoring_elements": "0.83867", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724", "reference_id": "546724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986", "reference_id": "CVE-2009-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", 
"reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70", "reference_id": "mfsa2009-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c141-m4yb-zkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2323?format=api", "vulnerability_id": "VCID-c3mx-m2ka-s7fm", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88521", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3959" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959", "reference_id": "CVE-2012-3959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3959" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3mx-m2ka-s7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2644?format=api", "vulnerability_id": "VCID-c6uk-gmwa-87e8", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. 
Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.92818", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488276", "reference_id": "488276", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773", "reference_id": "CVE-2009-0773", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6uk-gmwa-87e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=api", "vulnerability_id": "VCID-c7cm-h81n-6fhj", "summary": "Security researcher Martin Barbella reported via\nTippingPoint's Zero Day Initiative that an XSLT node sorting routine\ncontained an integer overflow vulnerability. In cases where one of\nthe nodes to be sorted contained a very large text value, the integer\nused to allocate a memory buffer to store its value would overflow,\nresulting in too small a buffer being created. 
An attacker could use\nthis vulnerability to write data past the end of the buffer, causing\nthe browser to crash and potentially running arbitrary code on a\nvictim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42703", "scoring_system": "epss", "scoring_elements": "0.97535", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833", "reference_id": "590833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199", "reference_id": "CVE-2010-1199", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py", "reference_id": "CVE-2010-1199", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt", "reference_id": "CVE-2010-1199;OSVDB-65744", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41082/info", "reference_id": "CVE-2010-1199;OSVDB-65744", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/41082/info" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-30", "reference_id": "mfsa2010-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1199" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7cm-h81n-6fhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=api", "vulnerability_id": "VCID-c81m-9s68-zbgx", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03853", "scoring_system": "epss", "scoring_elements": "0.88399", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642272", "reference_id": "642272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176", "reference_id": "CVE-2010-3176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", 
"reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3176" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c81m-9s68-zbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2205?format=api", "vulnerability_id": "VCID-cats-tmkd-pbf3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.87292", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630055", "reference_id": "630055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169", "reference_id": "CVE-2010-3169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49", "reference_id": "mfsa2010-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cats-tmkd-pbf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2594?format=api", "vulnerability_id": "VCID-cb3n-ay7x-aff4", "summary": "Security researcher Takehiro Takahashi of the IBM\nX-Force reported that Mozilla's NTLM implementation was vulnerable to\nreflection attacks in which 
NTLM credentials from one application\ncould be forwarded to another arbitrary application via the browser.\nIf an attacker could get a user to visit a web page he controlled he\ncould force NTLM authenticated requests to be forwarded to another\napplication on behalf of the user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71528", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720", "reference_id": "546720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983", "reference_id": "CVE-2009-3983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68", "reference_id": "mfsa2009-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cb3n-ay7x-aff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2464?format=api", "vulnerability_id": "VCID-cd4g-54yc-bqhd", "summary": "Perl developer Chip Salzenberg reported that\ncertain control characters, when placed at the beginning of a URL,\nwould lead to incorrect parsing resulting in a malformed URL being\noutput by the parser. IBM researchers Justin Schuh,\nTom Cross, and Peter William also\nreported a related symptom as part of their research that resulted in\nMFSA 2008-37.\n\nThere was no direct security impact from this issue and its effect\nwas limited to the improper rendering of hyperlinks containing\nspecific characters. 
The severity of this issue was determined to be\nlow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02182", "scoring_system": "epss", "scoring_elements": "0.8463", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5508" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476281", "reference_id": "476281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508", "reference_id": "CVE-2008-5508", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-66", "reference_id": "mfsa2008-66", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5508" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cd4g-54yc-bqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2789?format=api", "vulnerability_id": "VCID-cfnb-jsaa-a3g2", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700615", "reference_id": "700615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075", "reference_id": "CVE-2011-0075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0075" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfnb-jsaa-a3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2151?format=api", "vulnerability_id": "VCID-chve-znmf-w7at", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06395", "scoring_system": "epss", "scoring_elements": "0.91162", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3075" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691", "reference_id": "521691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075", "reference_id": "CVE-2009-3075", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3075" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chve-znmf-w7at" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2317?format=api", "vulnerability_id": "VCID-ckwu-zacg-d3bj", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03305", "scoring_system": "epss", "scoring_elements": "0.87451", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1974" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974", "reference_id": "CVE-2012-1974", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1974" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckwu-zacg-d3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2450?format=api", "vulnerability_id": "VCID-ct5t-awyq-8udv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77475", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5511" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476285", "reference_id": "476285", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511", "reference_id": "CVE-2008-5511", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68", "reference_id": "mfsa2008-68", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5511" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ct5t-awyq-8udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2647?format=api", "vulnerability_id": "VCID-ctgf-gs1u-wygc", "summary": "An anonymous researcher, via TippingPoint's Zero Day Initiative\nprogram, reported a vulnerability in Mozilla's garbage collection\nprocess. The vulnerability was caused by improper memory management\nof a set of cloned XUL DOM elements which were linked as a parent and\nchild. 
After reloading the browser on a page with such linked\nelements, the browser would crash when attempting to access an object\nwhich was already destroyed. An attacker could use this crash to run\narbitrary code on the victim's computer. This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06585", "scoring_system": "epss", "scoring_elements": "0.91304", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488287", "reference_id": "488287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775", "reference_id": "CVE-2009-0775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-08", "reference_id": "mfsa2009-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctgf-gs1u-wygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2576?format=api", "vulnerability_id": "VCID-cv76-zkt8-87e3", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17716", "scoring_system": "epss", "scoring_elements": "0.95225", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512133", "reference_id": "512133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464", "reference_id": "CVE-2009-2464", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt", "reference_id": "CVE-2009-2464;OSVDB-56229", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35775/info", "reference_id": "CVE-2009-2464;OSVDB-56229", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35775/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": 
"mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2464" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cv76-zkt8-87e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2806?format=api", "vulnerability_id": "VCID-cyed-u483-qbg3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90963", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988", "reference_id": "CVE-2011-2988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyed-u483-qbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88961?format=api", "vulnerability_id": "VCID-czbz-3q9u-e3dy", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czbz-3q9u-e3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2828?format=api", "vulnerability_id": "VCID-d18j-gp7z-kyfd", "summary": "Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. 
(This variant\ndid not affect Firefox 3.6)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00429", "scoring_system": "epss", "scoring_elements": "0.62765", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741917", "reference_id": "741917", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372", "reference_id": "CVE-2011-2372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40", "reference_id": "mfsa2011-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", 
"reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d18j-gp7z-kyfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2650?format=api", "vulnerability_id": "VCID-d2bp-jqx3-9kb3", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15845", "scoring_system": "epss", "scoring_elements": "0.94852", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530569", "reference_id": "530569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382", "reference_id": "CVE-2009-3382", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html", "reference_id": "CVE-2009-3382;OSVDB-59384", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html" }, { "reference_url": "https://www.securityfocus.com/bid/36866/info", "reference_id": "CVE-2009-3382;OSVDB-59384", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36866/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": 
"mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3382" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2bp-jqx3-9kb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2433?format=api", "vulnerability_id": "VCID-d964-8bnu-7qdb", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. 
Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03767", "scoring_system": "epss", "scoring_elements": "0.88236", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5502" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476269", "reference_id": "476269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502", "reference_id": "CVE-2008-5502", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": 
"RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5502" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d964-8bnu-7qdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88953?format=api", "vulnerability_id": "VCID-d9m2-xqje-s7am", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15887", "scoring_system": "epss", "scoring_elements": "0.94859", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1828" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html", "reference_id": "OSVDB-56406;CVE-2009-1828", "reference_type": 
"exploit", "scores": [], "url": "http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt", "reference_id": "OSVDB-56406;CVE-2009-1828", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1828" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9m2-xqje-s7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2635?format=api", "vulnerability_id": "VCID-d9xx-kdwq-6fgg", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05076", "scoring_system": "epss", "scoring_elements": "0.89939", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694", "reference_id": "546694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979", "reference_id": "CVE-2009-3979", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1673", "reference_id": "RHSA-2009:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3979" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9xx-kdwq-6fgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2668?format=api", "vulnerability_id": "VCID-dcjk-caxq-a3g3", "summary": "Security researcher Orlando Berrera of Sec Theory\nreported that recursive creation of JavaScript web-workers can be used\nto create a set of objects whose memory could be freed prior to their\nuse. 
These conditions often result in a crash which could potentially\nbe used by an attacker to run arbitrary code on a victim's\ncomputer. Web Workers were introduced in Firefox 3.5 so this\nvulnerability did not affect earlier releases such as Firefox 3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02682", "scoring_system": "epss", "scoring_elements": "0.86092", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371", "reference_id": "CVE-2009-3371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54", "reference_id": "mfsa2009-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3371" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dcjk-caxq-a3g3" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2167?format=api", "vulnerability_id": "VCID-depk-81ux-wua9", "summary": "Security researcher Nils of MWR InfoSecurity\nreported that the routine for setting the text value for certain types\nof DOM nodes contained an integer overflow vulnerability. When a very\nlong string was passed to this routine, the integer value used in\ncreating a new memory buffer to hold the string would overflow,\nresulting in too small a buffer being allocated. An attacker could\nuse this vulnerability to write data past the end of the buffer,\ncausing a crash and potentially running arbitrary code on a victim's\ncomputer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05226", "scoring_system": "epss", "scoring_elements": "0.90094", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830", "reference_id": "590830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196", "reference_id": "CVE-2010-1196", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-29", "reference_id": "mfsa2010-29", "reference_type": "", "scores": [ { 
"value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1196" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-depk-81ux-wua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2855?format=api", "vulnerability_id": "VCID-desa-fpt9-8qaa", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a method used\nby JSON.stringify contained a use-after-free error in\nwhich a currently in-use pointer was freed and subsequently\ndereferenced. 
This could lead to arbitrary code execution if an\nattacker was able to store malicious code in the freed section of\nmemory. Mozilla developer Igor Bukanov also independently\ndiscovered and reported this issue two weeks after the initial\nreport was received.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87577", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675090", "reference_id": "675090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055", "reference_id": "CVE-2011-0055", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03", "reference_id": "mfsa2011-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": 
"https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0055" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-desa-fpt9-8qaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2340?format=api", "vulnerability_id": "VCID-dfx3-vhn9-fkbh", "summary": "Security researcher Bill Keese reported a memory corruption.\nThis is caused by JSDependentString::undepend changing a dependent string into a\nfixed string when there are additional dependent strings relying on the same\nbase. When the undepend occurs during conversion, the base data is freed,\nleaving other dependent strings with dangling pointers. 
This can lead to a\npotentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215", "reference_id": "840215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962", "reference_id": "CVE-2012-1962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52", "reference_id": "mfsa2012-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", 
"reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfx3-vhn9-fkbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2883?format=api", "vulnerability_id": "VCID-dk9z-4a47-67g9", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it was possible for a non-whitelisted site to trigger an install\ndialog for add-ons and themes. This vulnerability was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54353", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370", "reference_id": "CVE-2011-2370", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-28", "reference_id": "mfsa2011-28", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2370" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk9z-4a47-67g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2319?format=api", "vulnerability_id": "VCID-dnur-7qxp-g7g1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03172", "scoring_system": "epss", "scoring_elements": "0.87157", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976", "reference_id": "CVE-2012-1976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnur-7qxp-g7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2382?format=api", "vulnerability_id": "VCID-dwfw-frsy-tfcr", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01161", "scoring_system": "epss", "scoring_elements": "0.78906", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461", "reference_id": "CVE-2012-0461", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": 
"RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0461" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwfw-frsy-tfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2441?format=api", "vulnerability_id": "VCID-dzph-njyd-1qeu", "summary": "Security researcher Liu Die Yu of\nTopsecTianRongXin reported that locally saved .url shortcut files\ncould be used to read information stored in the local cache. An\nattacker could use this vulnerability to steal information from a\nvictim's browser cache if they were able to get the victim to download\ntwo separate files, a .url shortcut and a HTML file. 
Given the\nrelative complexity of this attack, the severity of the issue was\ndetermined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3558", "scoring_system": "epss", "scoring_elements": "0.97145", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470903", "reference_id": "470903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582", "reference_id": "CVE-2008-4582", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html", "reference_id": "CVE-2008-4582;OSVDB-49073", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html" }, { "reference_url": "https://www.securityfocus.com/bid/31611/info", "reference_id": "CVE-2008-4582;OSVDB-49073", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/31611/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-47", "reference_id": "mfsa2008-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-47" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4582" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzph-njyd-1qeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2157?format=api", "vulnerability_id": "VCID-e1zc-uz7j-vqgf", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that code used to normalize a\ndocument contained a logical flaw that could be leveraged to run\narbitrary code. 
When the normalization code ran, a static count of\nthe document's child nodes was used in the traversal, so a page could\nbe constructed that would remove DOM nodes during this normalization\nwhich could lead to the accessing of a deleted object and potentially\nthe execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630069", "reference_id": "630069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766", "reference_id": "CVE-2010-2766", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57", "reference_id": "mfsa2010-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1zc-uz7j-vqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2589?format=api", "vulnerability_id": "VCID-e2zn-rn59-gyfv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the BrowserFeedWriter could be leveraged to run\nJavaScript code from web content with elevated privileges. Using this\nvulnerability, an attacker could construct an object containing\nmalicious JavaScript and cause the FeedWriter to process the object,\nrunning the malicious code with chrome privileges. Thunderbird does not support\nthe BrowserFeedWriter object and is not vulnerable in its\ndefault configuration. Thunderbird might be vulnerable if the user has\ninstalled any add-on which adds a similarly implemented feature and\nthen enables JavaScript in mail messages. 
This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0151", "scoring_system": "epss", "scoring_elements": "0.81493", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3079" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695", "reference_id": "521695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079", "reference_id": "CVE-2009-3079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51", "reference_id": "mfsa2009-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2zn-rn59-gyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2286?format=api", "vulnerability_id": "VCID-e5dd-61fv-efe7", "summary": "Mozilla community member Matias Juntunen discovered an error\nin WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments\nfrom FindMaxUshortElement. This bug causes maximum index to be computed\nincorrectly within WebGL.drawElements, allowing the reading of illegal video\nmemory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72599", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0473" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815023", "reference_id": "815023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473", "reference_id": "CVE-2012-0473", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": 
"GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-26", "reference_id": "mfsa2012-26", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0473" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5dd-61fv-efe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2291?format=api", "vulnerability_id": "VCID-e8gx-6nqq-xbcx", "summary": "Security researcher Simone Fabiano reported that if a\ncross-site XHR or WebSocket is opened on a web server on a non-standard port for\nweb traffic while using an IPv6 address, the browser will send an 
ambiguous\norigin header if the IPv6 address contains at least 2 consecutive 16-bit fields\nof zeroes. If there is an origin access control list that uses IPv6 literals,\nthis issue could be used to bypass these access controls on the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52566", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0475" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187", "reference_id": "815187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475", "reference_id": "CVE-2012-0475", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28", "reference_id": "mfsa2012-28", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": 
"", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0475" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8gx-6nqq-xbcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2265?format=api", "vulnerability_id": "VCID-e921-wz2n-cycp", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20011", "scoring_system": "epss", "scoring_elements": "0.95575", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187", "reference_id": 
"CVE-2012-4187", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4187" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e921-wz2n-cycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2834?format=api", "vulnerability_id": "VCID-ea8w-cmzd-hqan", "summary": "Security 
researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01674", "scoring_system": "epss", "scoring_elements": "0.8245", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635", "reference_id": "700635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071", "reference_id": "CVE-2011-0071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16", "reference_id": "mfsa2011-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": 
"RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8w-cmzd-hqan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=api", "vulnerability_id": "VCID-ec9h-nv75-tkc6", "summary": "Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. 
This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00743", "scoring_system": "epss", "scoring_elements": "0.73308", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912", "reference_id": "851912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956", "reference_id": "CVE-2012-1956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59", "reference_id": "mfsa2012-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", 
"reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1956" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec9h-nv75-tkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2324?format=api", "vulnerability_id": "VCID-eftp-v3k7-xkct", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85041", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960", "reference_id": "CVE-2012-3960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3960" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eftp-v3k7-xkct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2121?format=api", "vulnerability_id": "VCID-embn-ntxv-73bh", "summary": "Mozilla developer Justin Dolske reported that the new\nasynchronous Authorization Prompt (HTTP username and password) was not\nalways attached to the correct window. Although we have not\ndemonstrated this, it may be possible for a malicious page to convince\na user to open a new tab or popup to a trusted service and then have\nthe HTTP authorization prompt from the malicious page appear to be\nthe login prompt for the trusted page. 
This potential attack is greatly\nmitigated by the fact that very few web sites use HTTP authorization,\npreferring instead to use web forms and cookies. This issue does not affect older versions of Firefox or\nproducts based on the Mozilla browser engine, such as Thunderbird and\nSeaMonkey, using an older version of the engine.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67741", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172", "reference_id": "CVE-2010-0172", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15", "reference_id": "mfsa2010-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0172" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-embn-ntxv-73bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2307?format=api", "vulnerability_id": 
"VCID-ermf-rt9s-duhy", "summary": "Mozilla developer Bobby Holley found that same-compartment\nsecurity wrappers (SCSW) can be bypassed by passing them to another compartment.\nCross-compartment wrappers often do not go through SCSW, but have a filtering\npolicy built into them. When an object is wrapped cross-compartment, the SCSW is\nstripped off and, when the object is read back, it is not known that SCSW\nwas previously present, resulting in a bypassing of SCSW. This could result in\nuntrusted content having access to the XBL that implements browser\nfunctionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.7643", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1959" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212", "reference_id": "840212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959", "reference_id": "CVE-2012-1959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49", "reference_id": "mfsa2012-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1959" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ermf-rt9s-duhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2783?format=api", "vulnerability_id": "VCID-ess5-nmfb-kygw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06848", "scoring_system": "epss", "scoring_elements": "0.91493", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079", "reference_id": "CVE-2011-0079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ess5-nmfb-kygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2310?format=api", 
"vulnerability_id": "VCID-ez55-uvz6-gfh8", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the previous site\nin the addressbar but changing the baseURI to the newer site. This can be used\nfor phishing by allowing the user to input form or other data on the newer,\nattacking, site while appearing to be on the older, displayed site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02583", "scoring_system": "epss", "scoring_elements": "0.85821", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206", "reference_id": "840206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955", "reference_id": "CVE-2012-1955", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45", "reference_id": "mfsa2012-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1955" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ez55-uvz6-gfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2882?format=api", "vulnerability_id": "VCID-f5qs-usvq-7ygn", "summary": "Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document. 
While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01466", "scoring_system": "epss", "scoring_elements": "0.81198", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675094", "reference_id": "675094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585", "reference_id": "CVE-2010-1585", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08", "reference_id": "mfsa2011-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qs-usvq-7ygn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2168?format=api", "vulnerability_id": "VCID-f7b5-ehbj-m7eq", "summary": "Google security researcher Michal Zalewski\nreported that when a window was opened to a site resulting in a\nnetwork or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content. 
An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually\nwere.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77452", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660438", "reference_id": "660438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774", "reference_id": "CVE-2010-3774", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-83", "reference_id": "mfsa2010-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } 
], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7b5-ehbj-m7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2417?format=api", "vulnerability_id": "VCID-fj5e-3c6k-2qc7", "summary": "Security researcher David Bloom reported that the\nbrowser's session restore feature can be used to violate the\nsame-origin policy and run JavaScript in the context of another site.\nAny otherwise unexploitable crash can be used to force the user into the\nsession restore state. Mozilla security researcher moz_bug_r_a4 demonstrated that\nthis vulnerability could also be used by an attacker to run arbitrary\nJavaScript with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12823", "scoring_system": "epss", "scoring_elements": "0.9414", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5019" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889", "reference_id": "470889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019", "reference_id": "CVE-2008-5019", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-53", "reference_id": "mfsa2008-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5019" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fj5e-3c6k-2qc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2218?format=api", "vulnerability_id": "VCID-fjd2-qz3j-quct", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0442", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01441", "scoring_system": "epss", "scoring_elements": "0.81034", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0442" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785085", "reference_id": "785085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442", "reference_id": "CVE-2012-0442", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": 
"RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0084", "reference_id": "RHSA-2012:0084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0085", "reference_id": "RHSA-2012:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0085" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0442" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjd2-qz3j-quct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2877?format=api", "vulnerability_id": "VCID-fjza-kzrj-h7bf", 
"summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08632", "scoring_system": "epss", "scoring_elements": "0.92563", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654", "reference_id": "CVE-2011-3654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjza-kzrj-h7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2813?format=api", "vulnerability_id": "VCID-fkcd-dn21-k3aa", "summary": "Alex Miller reported that when very long strings\nwere constructed and inserted into an HTML document, the browser would\nincorrectly construct the layout objects used to display the text.\nUnder such conditions an incorrect length would be calculated for a\ntext run resulting in too small of a memory buffer being allocated to\nstore the text. This issue could be used by an attacker to write data\npast the end of the buffer and execute malicious code on a victim's\ncomputer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07784", "scoring_system": "epss", "scoring_elements": "0.92084", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675143", "reference_id": "675143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058", "reference_id": "CVE-2011-0058", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07", "reference_id": "mfsa2011-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkcd-dn21-k3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2175?format=api", "vulnerability_id": "VCID-fm6v-97ps-qkb1", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03233", "scoring_system": "epss", "scoring_elements": "0.87292", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642275", "reference_id": "642275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175", "reference_id": "CVE-2010-3175", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3175" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fm6v-97ps-qkb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2381?format=api", "vulnerability_id": "VCID-fmxb-m3xe-y7hd", "summary": "Anne van Kesteren of Opera Software found a \nmulti-octet encoding issue where certain octets will destroy the following\noctets in the processing of some multibyte character sets. 
This can leave users\nvulnerable to cross-site scripting (XSS) attacks on maliciously crafted web\npages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815021", "reference_id": "815021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471", "reference_id": "CVE-2012-0471", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24", "reference_id": "mfsa2012-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { 
"reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0471" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmxb-m3xe-y7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2279?format=api", "vulnerability_id": "VCID-fnqu-d93p-nyht", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. 
AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05001", "scoring_system": "epss", "scoring_elements": "0.89858", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1954" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954", "reference_id": "CVE-2012-1954", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { 
"reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1954" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnqu-d93p-nyht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2469?format=api", "vulnerability_id": "VCID-fshd-5yva-8yc8", "summary": "Justin Schuh of the IBM X-Force reported a flaw in\nthe way Mozilla parses the http-index-format MIME type. 
By sending a\nspecially crafted 200 header line in the HTTP index response, an\nattacker can cause the browser to crash and run arbitrary code on the\nvictim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14498", "scoring_system": "epss", "scoring_elements": "0.94558", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470892", "reference_id": "470892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017", "reference_id": "CVE-2008-0017", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-54", "reference_id": "mfsa2008-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-0017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fshd-5yva-8yc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2276?format=api", "vulnerability_id": "VCID-fu4j-atx7-p3by", "summary": "Mozilla community member Alice White reported that when the\nGetProperty function is invoked through JSAPI, security checking\ncan be bypassed when getting cross-origin properties. This potentially allowed\nfor arbitrary code execution. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80889", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621", "reference_id": "863621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991", "reference_id": "CVE-2012-3991", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-81", "reference_id": "mfsa2012-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-81" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": 
"RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3991" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fu4j-atx7-p3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2272?format=api", "vulnerability_id": "VCID-fw1w-z9qg-2uef", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. 
Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00964", "scoring_system": "epss", "scoring_elements": "0.76846", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196", "reference_id": "CVE-2012-4196", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", 
"reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4196" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fw1w-z9qg-2uef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71457?format=api", "vulnerability_id": "VCID-fwc9-m2qd-eua6", "summary": "firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47519", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4688" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=761550", "reference_id": "761550", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761550" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-4688" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwc9-m2qd-eua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2657?format=api", "vulnerability_id": "VCID-fwmk-3y43-hyhv", "summary": "Andrej Andolsek reported that when Firefox\nreceives a reply from a SOCKS5 proxy which contains a DNS name longer\nthan 15 characters, the subsequent data stream in the response can\nbecome corrupted. 
There was no evidence of memory corruption,\nhowever, and the severity of the issue was determined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86034", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145", "reference_id": "512145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470", "reference_id": "CVE-2009-2470", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-38", "reference_id": "mfsa2009-38", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, 
{ "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwmk-3y43-hyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2293?format=api", "vulnerability_id": "VCID-g214-2v75-dfd2", "summary": "Security researchers Mario Gomes and Soroush\nDalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. 
On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01216", "scoring_system": "epss", "scoring_elements": "0.79324", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840225", "reference_id": "840225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965", "reference_id": "CVE-2012-1965", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-55", "reference_id": "mfsa2012-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g214-2v75-dfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=api", "vulnerability_id": "VCID-g2cj-8shy-uqcc", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. 
All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06289", "scoring_system": "epss", "scoring_elements": "0.91078", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941", "reference_id": "CVE-2012-1941", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": 
"https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1941" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2cj-8shy-uqcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2115?format=api", "vulnerability_id": "VCID-g7fv-ggv2-aqhn", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. 
This reference could subsequently be accessed, potentially\ncausing the execution of attacker controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01551", "scoring_system": "epss", "scoring_elements": "0.8172", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615458", "reference_id": "615458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208", "reference_id": "CVE-2010-1208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35", "reference_id": "mfsa2010-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": 
"https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7fv-ggv2-aqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2198?format=api", "vulnerability_id": "VCID-g8pv-awkj-5bh8", "summary": "Security researcher echo reported that a web page\ncould open a window with an about:blank location and then inject an\n<isindex> element into that page which upon submission would\nredirect to a chrome: document. The effect of this defect was that\nthe original page would wind up with a reference to a\nchrome-privileged object, the opened window, which could be leveraged\nfor privilege escalation attacks. Mozilla security researcher moz_bug_r_a4 provided\nproof-of-concept code demonstrating how the above vulnerability could\nbe used to run arbitrary code with chrome privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02236", "scoring_system": "epss", "scoring_elements": "0.84816", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3771" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=660417", "reference_id": "660417", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771", "reference_id": "CVE-2010-3771", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-76", "reference_id": "mfsa2010-76", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-76" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3771" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8pv-awkj-5bh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=api", "vulnerability_id": "VCID-g8ty-gg8e-nug5", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a 
series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03504", "scoring_system": "epss", "scoring_elements": "0.87816", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4181" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181", "reference_id": "CVE-2012-4181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ty-gg8e-nug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2298?format=api", "vulnerability_id": "VCID-g9e6-nygw-wydy", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04114", "scoring_system": "epss", "scoring_elements": "0.88792", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634", "reference_id": "877634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216", "reference_id": "CVE-2012-4216", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": 
"RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4216" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9e6-nygw-wydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2370?format=api", "vulnerability_id": "VCID-gb3u-y5z4-hyb7", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a use-after-free in the IME State Manager code. This could lead to a\npotentially exploitable crash. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06071", "scoring_system": "epss", "scoring_elements": "0.90885", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628", "reference_id": "863628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990", "reference_id": "CVE-2012-3990", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-87", "reference_id": "mfsa2012-87", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-87" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": 
"RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3990" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb3u-y5z4-hyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70733?format=api", "vulnerability_id": "VCID-gch6-jznq-jqfs", "summary": "Mozilla: SPDY information disclosure (MFSA 2012-73)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=859827", "reference_id": "859827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859827" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3977" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gch6-jznq-jqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2159?format=api", "vulnerability_id": "VCID-gesr-3egw-kydd", "summary": "Google security researcher Chris Evans reported\nthat data can be read across domains by injecting bogus CSS selectors\ninto a target site and then retrieving the data using JavaScript APIs.\nIf an attacker can inject opening and closing portions of a CSS\nselector into points A and B of a target page, then the region between\nthe two injection points becomes readable to JavaScript through, for\nexample, the getComputedStyle() API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.7241", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=568231", "reference_id": "568231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654", "reference_id": "CVE-2010-0654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46", "reference_id": "mfsa2010-46", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gesr-3egw-kydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2651?format=api", "vulnerability_id": "VCID-gm28-kdg7-bbgm", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05615", "scoring_system": "epss", "scoring_elements": "0.90464", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383", "reference_id": "CVE-2009-3383", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gm28-kdg7-bbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2280?format=api", 
"vulnerability_id": "VCID-gqcx-9dd1-y7ev", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off the end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.80869", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953", "reference_id": "CVE-2012-1953", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", 
"reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1953" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqcx-9dd1-y7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2669?format=api", "vulnerability_id": "VCID-gsqx-hgzq-77a3", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it is possible to create a document whose URI does not match the\ndocument's principal using XMLHttpRequest. 
This type of\nmismatch leads to incorrect results in principal-based security\nchecks. An attacker could use this vulnerability to execute arbitrary\nJavaScript within the context of another site. moz_bug_r_a4 separately reported\nthat XPCNativeWrapper.toString's\n__proto__ comes from the wrong scope which results in\ncalls to that function being executed in the wrong context in certain\ncircumstances. An attacker could use this vulnerability to run\narbitrary code within the context of a different site. Alternatively,\nif chrome were to call content.toString.call(), then\nattacker-defined functions could be run with chrome privileges. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01757", "scoring_system": "epss", "scoring_elements": "0.82906", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1309" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267", "reference_id": "496267", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309", "reference_id": "CVE-2009-1309", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-19", "reference_id": "mfsa2009-19", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1309" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqx-hgzq-77a3" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2152?format=api", "vulnerability_id": "VCID-h14f-dndv-g3db", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04749", "scoring_system": "epss", "scoring_elements": "0.89595", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3072" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688", "reference_id": "521688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072", "reference_id": "CVE-2009-3072", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": 
"critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h14f-dndv-g3db" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/88948?format=api", "vulnerability_id": "VCID-h2c2-87br-k7h9", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2007-2436" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2c2-87br-k7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2169?format=api", "vulnerability_id": "VCID-h2zb-y8qu-rkhm", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a nsDOMAttribute\nnode can be modified without informing the iterator object responsible\nfor various DOM traversals. This flaw could lead to a inconsistent\nstate where the iterator points to an object it believes is part of\nthe DOM but actually points to some other object. 
If such an object\nhad been deleted and its memory reclaimed by the system, then the\niterator could be used to call into attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07145", "scoring_system": "epss", "scoring_elements": "0.91681", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660429", "reference_id": "660429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766", "reference_id": "CVE-2010-3766", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-80", "reference_id": "mfsa2010-80", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-80" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2zb-y8qu-rkhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=api", "vulnerability_id": "VCID-h32a-d7jh-m7dq", "summary": "Security researcher Aki Helin reported a potentially\nexploitable crash in the YARR regular expression library used by JavaScript.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07734", "scoring_system": "epss", "scoring_elements": "0.92054", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232", "reference_id": "CVE-2011-3232", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-42", "reference_id": "mfsa2011-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-42" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3232" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h32a-d7jh-m7dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2369?format=api", "vulnerability_id": "VCID-h3nn-6nww-fubf", "summary": "Security researcher Karthikeyan Bhargavan of Prosecco at\nINRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the \"report-uri\" location\ninclude sensitive data within the \"blocked-uri\" parameter. These include\nfragment components and query strings even if the \"blocked-uri\" parameter has a\ndifferent origin than the protected resource. 
This can be used to retrieve a\nuser's OAuth 2.0 access tokens and OpenID credentials by malicious sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01487", "scoring_system": "epss", "scoring_elements": "0.81339", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220", "reference_id": "840220", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963", "reference_id": "CVE-2012-1963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53", "reference_id": "mfsa2012-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { 
"reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3nn-6nww-fubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2238?format=api", "vulnerability_id": "VCID-h632-fbq3-uqh5", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04752", "scoring_system": "epss", "scoring_elements": "0.89599", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182", "reference_id": "CVE-2012-4182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": 
"RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h632-fbq3-uqh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2341?format=api", "vulnerability_id": "VCID-hb8p-k984-2bbb", "summary": "Security researcher David Bloom of Cue discovered that\n<select> elements are always-on-top chromeless windows and\nthat navigation away from a page with an active <select> menu\ndoes not remove this window. When another menu is opened programmatically on a\nnew page, the original <select> menu can be retained and\narbitrary HTML content within it rendered, allowing an attacker to cover\narbitrary portions of the new page through absolute positioning/scrolling,\nleading to spoofing attacks. 
Security researcher Jordi Chancel\nfound a variation that would allow for click-jacking attacks as well.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01951", "scoring_system": "epss", "scoring_elements": "0.83758", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616", "reference_id": "863616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984", "reference_id": "CVE-2012-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-75", "reference_id": "mfsa2012-75", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-75" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": 
"https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb8p-k984-2bbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2166?format=api", "vulnerability_id": "VCID-hcjp-8k4f-fuhf", "summary": "Security researcher Alexander Miller reported that\npassing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22551", "scoring_system": "epss", "scoring_elements": "0.95941", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642277", "reference_id": "642277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179", 
"reference_id": "CVE-2010-3179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html", "reference_id": "CVE-2010-3179;OSVDB-68850", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html" }, { "reference_url": "https://www.securityfocus.com/bid/44247/info", "reference_id": "CVE-2010-3179;OSVDB-68850", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/44247/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-65", "reference_id": "mfsa2010-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcjp-8k4f-fuhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2832?format=api", "vulnerability_id": "VCID-hdy1-ad14-9bdr", "summary": "Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection. Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03949", "scoring_system": "epss", "scoring_elements": "0.88543", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675093", "reference_id": "675093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057", "reference_id": "CVE-2011-0057", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057" }, { 
"reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06", "reference_id": "mfsa2011-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0057" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdy1-ad14-9bdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2311?format=api", "vulnerability_id": "VCID-heem-dnwk-ufby", "summary": "Google developer Tony Payne reported an out of bounds (OOB)\nread in QCMS, Mozilla’s color management library. 
With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67977", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840213", "reference_id": "840213", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960", "reference_id": "CVE-2012-1960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50", "reference_id": "mfsa2012-50", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1960" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-heem-dnwk-ufby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2622?format=api", "vulnerability_id": "VCID-hfwt-3n83-8yaz", "summary": "Security researcher Prateek Saxena reported that a\nmalicious MozSearch plugin could be created using a javascript: URI in\nthe SearchForm value. This URI is used as the default\nlanding page when an empty search is performed. If an attacker could\nget a user to install the malicious plugin and perform an empty\nsearch, the SearchForm javascript: URI would be executed\nwithin the context of the currently open page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75342", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1310" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496270", "reference_id": "496270", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310", "reference_id": "CVE-2009-1310", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-20", "reference_id": "mfsa2009-20", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1310" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfwt-3n83-8yaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2846?format=api", "vulnerability_id": "VCID-hm86-1bfs-uub7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00542", "scoring_system": "epss", "scoring_elements": "0.67968", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990", "reference_id": 
"CVE-2011-2990", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2990" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm86-1bfs-uub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2144?format=api", "vulnerability_id": "VCID-hnqn-9dyg-fyaf", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06167", "scoring_system": "epss", "scoring_elements": "0.90964", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810", "reference_id": "590810", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202", "reference_id": "CVE-2010-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnqn-9dyg-fyaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2282?format=api", "vulnerability_id": "VCID-hpes-a26j-eubg", "summary": "magicant starmen reported that if a user chooses to\nexport their Firefox Sync key the \"Firefox Recovery Key.html\" file is\nsaved with incorrect permissions, making the file contents potentially\nreadable by other users on Linux and OS X systems.\nFirefox 3.6 is not affected by this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21751", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450", "reference_id": "CVE-2012-0450", "reference_type": "", "scores": 
[], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09", "reference_id": "mfsa2012-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0450" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpes-a26j-eubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2790?format=api", "vulnerability_id": "VCID-hq8b-hhzz-zyag", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700613", "reference_id": "700613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077", "reference_id": "CVE-2011-0077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0077" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq8b-hhzz-zyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71605?format=api", "vulnerability_id": "VCID-hs89-asjt-xqdy", "summary": "nss: /pkcs11.txt and /secmod.db files read on initialization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56923", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614", "reference_id": "647614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=748379", "reference_id": "748379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=748379" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3640" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs89-asjt-xqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2209?format=api", "vulnerability_id": "VCID-huw3-d12r-6yb5", "summary": "Security researcher Yosuke Hasegawa reported that\nthe Web Worker method importScripts can read and parse\nresources from other 
domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could\nbe used by an attacker to steal information from other sites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40141", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1213" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615471", "reference_id": "615471", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213", "reference_id": "CVE-2010-1213", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42", "reference_id": "mfsa2010-42", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1213" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huw3-d12r-6yb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2614?format=api", "vulnerability_id": "VCID-hvvv-dc2z-r7ed", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. 
liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues. Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03284", "scoring_system": "epss", "scoring_elements": "0.87404", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743", "reference_id": "552743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378", "reference_id": "CVE-2009-3378", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvvv-dc2z-r7ed" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2603?format=api", "vulnerability_id": "VCID-hw8a-1fyr-5uda", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06345", "scoring_system": "epss", "scoring_elements": "0.91124", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690", "reference_id": "521690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074", "reference_id": "CVE-2009-3074", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47", "reference_id": "mfsa2009-47", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-47" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hw8a-1fyr-5uda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2791?format=api", "vulnerability_id": "VCID-hx1c-5urc-q7ar", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04216", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700603", "reference_id": "700603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078", "reference_id": "CVE-2011-0078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hx1c-5urc-q7ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=api", "vulnerability_id": "VCID-hxra-yff9-r3fr", "summary": "Mozilla developer Daniel Holbert reported that the\nfix to the plugin parameter array crash that was fixed in Firefox\n3.6.7 caused a crash showing signs of memory corruption. 
In certain\ncircumstances, properties in the plugin instance's parameter array\ncould be freed prematurely leaving a dangling pointer that the plugin\ncould execute, potentially calling into attacker-controlled\nmemory. Firefox 3.5.11 was also affected by the regression\nbut the equivalent pointer was always initialized to NULL and \nnot exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10163", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=617657", "reference_id": "617657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755", "reference_id": "CVE-2010-2755", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-48", "reference_id": "mfsa2010-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0556", "reference_id": "RHSA-2010:0556", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0557", "reference_id": "RHSA-2010:0557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0558", "reference_id": "RHSA-2010:0558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0558" }, { "reference_url": "https://usn.ubuntu.com/930-6/", "reference_id": "USN-930-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-6/" }, { "reference_url": "https://usn.ubuntu.com/957-2/", "reference_id": "USN-957-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2755" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxra-yff9-r3fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78386?format=api", "vulnerability_id": "VCID-j2cc-ej51-4fat", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66281", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5822" }, { 
"reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5822" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2cc-ej51-4fat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2375?format=api", "vulnerability_id": "VCID-j2te-qzzx-kkay", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85328", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0467" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=815000", "reference_id": "815000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467", "reference_id": "CVE-2012-0467", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20", "reference_id": "mfsa2012-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0467" ], "risk_score": null, 
"exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2te-qzzx-kkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2884?format=api", "vulnerability_id": "VCID-j5hf-agzm-8bfj", "summary": "Mozilla developer Bas Schouten reported that the\nintroduction of the \"Azure\" graphics back-end on Windows in Firefox 7\nre-introduced the cross-origin data theft issue reported by\nnasalislarvatus3000 as described in \nMFSA 2011-29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49748", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649", "reference_id": "CVE-2011-3649", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-50", "reference_id": "mfsa2011-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3649" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5hf-agzm-8bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2612?format=api", "vulnerability_id": "VCID-j86k-vcuv-5uhe", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07", "scoring_system": "epss", "scoring_elements": "0.91594", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=531770", "reference_id": "531770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377", "reference_id": "CVE-2009-3377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": 
"mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j86k-vcuv-5uhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2886?format=api", "vulnerability_id": "VCID-jh6n-bau7-byhg", "summary": "Mozilla developer Boris Zbarsky reported that a frame\nnamed \"location\" could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the frame\nwas created. Because some plugins use the value of window.location to determine\nthe page origin this could fool the plugin into granting the plugin content\naccess to another site or the local file system in violation of the Same Origin\nPolicy. 
This flaw allows circumvention of the fix added for\nMFSA 2010-10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00722", "scoring_system": "epss", "scoring_elements": "0.72835", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2999" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741904", "reference_id": "741904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999", "reference_id": "CVE-2011-2999", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-38", "reference_id": "mfsa2011-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": "RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2011:1343", "reference_id": "RHSA-2011:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1344", "reference_id": "RHSA-2011:1344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1344" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2999" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6n-bau7-byhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2447?format=api", "vulnerability_id": "VCID-jhgh-37q6-17fm", "summary": "Security researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read. 
The severity of this bug was low and did not appear to cause any memory corruption. Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4069", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80007", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4069" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463251", "reference_id": "463251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069", "reference_id": "CVE-2008-4069", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-45", "reference_id": "mfsa2008-45", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": 
"https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4069" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhgh-37q6-17fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2192?format=api", "vulnerability_id": "VCID-jjg5-q8kj-yyg9", "summary": "Security researcher Eduardo Vela Nava reported that\nif a web page opened a new window and used a javascript: URL to make a\nmodal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow. 
This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00855", "scoring_system": "epss", "scoring_elements": "0.75272", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642294", "reference_id": "642294", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178", "reference_id": "CVE-2010-3178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-69", "reference_id": "mfsa2010-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjg5-q8kj-yyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2306?format=api", "vulnerability_id": "VCID-jjza-54cz-9kcg", "summary": "Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a\ndata: URL. In this issue, context menu functionality (\"View Image\", \"Show only this frame\", and \"View background image\") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. 
This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01351", "scoring_system": "epss", "scoring_elements": "0.80397", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840207", "reference_id": "840207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840207" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966", "reference_id": "CVE-2012-1966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-46", "reference_id": "mfsa2012-46", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", 
"purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjza-54cz-9kcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2624?format=api", "vulnerability_id": "VCID-jkjk-6r2p-jbcu", "summary": "Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed. If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code. An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02113", "scoring_system": "epss", "scoring_elements": "0.8439", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2471" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512146", "reference_id": "512146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471", "reference_id": "CVE-2009-2471", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-39", "reference_id": "mfsa2009-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2471" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkjk-6r2p-jbcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2451?format=api", "vulnerability_id": "VCID-jkxv-jgzt-yue7", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04686", "scoring_system": "epss", "scoring_elements": "0.8951", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5512" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476287", "reference_id": "476287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512", "reference_id": "CVE-2008-5512", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68", "reference_id": "mfsa2008-68", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5512" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkxv-jgzt-yue7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2118?format=api", "vulnerability_id": "VCID-jn2a-9g3e-pqc4", "summary": "Google security researcher Michal Zalewski\nreported that focus() could be used to change a user's\ncursor focus while they are typing, potentially directing their\nkeyboard input to an unintended location. This behavior was also\npresent across origins when content from one domain was embedded\nwithin another via an iframe. 
A malicious web page could use this\nbehavior to steal keystrokes from a victim while they were typing\nsensitive information such as a password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02114", "scoring_system": "epss", "scoring_elements": "0.84391", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1125" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584", "reference_id": "577584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125", "reference_id": "CVE-2010-1125", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-31", "reference_id": "mfsa2010-31", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1125" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jn2a-9g3e-pqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88956?format=api", "vulnerability_id": "VCID-jrca-ffpb-yuhd", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5353", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2065" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrca-ffpb-yuhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2643?format=api", "vulnerability_id": "VCID-junk-cvrr-h3ey", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07324", "scoring_system": "epss", "scoring_elements": "0.91803", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488273", "reference_id": "488273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488273" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772", "reference_id": "CVE-2009-0772", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-junk-cvrr-h3ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2587?format=api", "vulnerability_id": "VCID-jx4t-39du-9khz", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported that content-loading policies were not\nchecked before loading external script files into XUL documents.\nThe severity of this problem would depend on the reasons behind the\ncontent policy check, which include privacy from \"web bugs\" in\nThunderbird mail messages, blocking of Ads and Ad-server tracking\nin AdBlock Plus. The original version of this advisory incorrectly claimed\nthat NoScript protection could be bypassed; NoScript was unaffected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80651", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1840" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503582", "reference_id": "503582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503582" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840", 
"reference_id": "CVE-2009-1840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31", "reference_id": "mfsa2009-31", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1840" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jx4t-39du-9khz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78391?format=api", "vulnerability_id": "VCID-jy4c-hf8h-zbg3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0071", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "0.10859", "scoring_system": "epss", "scoring_elements": "0.93493", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html", "reference_id": "OSVDB-52657;CVE-2009-0071", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy4c-hf8h-zbg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2471?format=api", "vulnerability_id": "VCID-jzxs-ubpc-kkhq", "summary": "Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed. The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. 
Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped. This issue could potentially be used to bypass naive script filtering and used in an XSS attack. This issue only affected Firefox 2. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01204", "scoring_system": "epss", "scoring_elements": "0.79244", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4066" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463243", "reference_id": "463243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463243" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066", "reference_id": "CVE-2008-4066", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43", "reference_id": "mfsa2008-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4066" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzxs-ubpc-kkhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2658?format=api", "vulnerability_id": "VCID-jzxt-hzwv-a3ay", "summary": 
"Security researcher Juan Pablo Lopez Yacubian\nreported that the default Windows font used to render the locationbar\nand other text fields was improperly displaying certain Unicode\ncharacters with tall line-height. In such cases the tall line-height\nwould cause the rest of the text in the input field to be scrolled\nvertically out of view. An attacker could use this vulnerability to\nprevent a user from seeing the URL of a malicious site. Corrie Sloot also independently reported this\nissue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.82725", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3078" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694", "reference_id": "521694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078", "reference_id": "CVE-2009-3078", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50", "reference_id": "mfsa2009-50", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-50" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzxt-hzwv-a3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2636?format=api", "vulnerability_id": "VCID-k4bn-xfgy-a3en", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04407", "scoring_system": "epss", "scoring_elements": "0.89178", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980", "reference_id": "CVE-2009-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4bn-xfgy-a3en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2591?format=api", 
"vulnerability_id": "VCID-k6sa-x522-yba2", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15734", "scoring_system": "epss", "scoring_elements": "0.94829", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568", "reference_id": "503568", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392", "reference_id": "CVE-2009-1392", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1392" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6sa-x522-yba2" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2277?format=api", "vulnerability_id": "VCID-k7qg-pc6m-3fde", "summary": "Vitaly Nevgen reported that an attacker could replace a\nsub-frame in another domain's document by using the name attribute of the\nsub-frame as a form submission target. This can potentially allow for phishing\nattacks against users and violates the HTML5 frame navigation policy.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67742", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445", "reference_id": "CVE-2012-0445", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03", "reference_id": "mfsa2012-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": 
"pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0445" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qg-pc6m-3fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2271?format=api", "vulnerability_id": "VCID-k8gc-ufm1-9ffn", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00962", "scoring_system": "epss", "scoring_elements": "0.76793", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195", "reference_id": "CVE-2012-4195", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", "reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8gc-ufm1-9ffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2421?format=api", "vulnerability_id": "VCID-k9js-qqg1-pyfh", "summary": "Mozilla developers identified and fixed several stability bugs in 
the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20193", "scoring_system": "epss", "scoring_elements": "0.95605", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470884", "reference_id": "470884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018", "reference_id": "CVE-2008-5018", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", "reference_id": "mfsa2008-52", 
"reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5018" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9js-qqg1-pyfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88958?format=api", "vulnerability_id": "VCID-ka4t-w5r8-43hu", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2010-3400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47687", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3400" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ka4t-w5r8-43hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2868?format=api", "vulnerability_id": "VCID-kevz-hbn8-4ybv", "summary": "sczimmer reported a crash when scaling an OGG\n<video> element to extreme sizes.\nFirefox 3.6 is not affected by this vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03707", "scoring_system": "epss", "scoring_elements": "0.88158", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3665" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665", "reference_id": "CVE-2011-3665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58", "reference_id": "mfsa2011-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3665" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kevz-hbn8-4ybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2219?format=api", "vulnerability_id": "VCID-kkaz-32r9-4fhc", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\narbitrary code execution attack using a javascript: URL. 
The Gecko\nengine features a JavaScript sandbox utility that allows the browser or add-ons\nto safely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and run with\nelevated privilege. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1967", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03399", "scoring_system": "epss", "scoring_elements": "0.87615", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1967" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259", "reference_id": "840259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967", "reference_id": "CVE-2012-1967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56", "reference_id": "mfsa2012-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkaz-32r9-4fhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2596?format=api", "vulnerability_id": "VCID-knbx-h6rk-9qfu", "summary": "Mozilla discovered several bugs in liboggplay which posed potential\nmemory safety issues. 
The bugs which were fixed could potentially be\nused by an attacker to crash a victim's browser and execute arbitrary\ncode on their computer. Audio and Video capabilities were added to the Mozilla browser\nengine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of\nthese products were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02632", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=548539", "reference_id": "548539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743", "reference_id": "575743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388", "reference_id": "CVE-2009-3388", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66", "reference_id": "mfsa2009-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2009-66" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3388" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knbx-h6rk-9qfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2847?format=api", "vulnerability_id": "VCID-knur-edxh-4ydw", "summary": "Independent security researcher Kuza55 and\nMicrosoft security researcher Tom Gallagher reported\nthat when plugin-initiated requests receive a 307 redirect response,\nthe plugin is not notified and the request is forwarded to the new\nlocation. This is true even for cross-site redirects, so any custom\nheaders that were added as part of the initial request would be\nforwarded intact across origins. 
This poses a CSRF risk for web\napplications that rely on custom headers only being present in\nrequests from their own origin.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45732", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0059" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=681369", "reference_id": "681369", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059", "reference_id": "CVE-2011-0059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10", "reference_id": "mfsa2011-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0059" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knur-edxh-4ydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2633?format=api", "vulnerability_id": "VCID-kr3x-4kyw-rbcv", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XPCOM utility XPCVariant::VariantDataToJS\nunwrapped doubly-wrapped objects before returning them to chrome\ncallers. 
This could result in chrome privileged code calling methods\non an object which had previously been created or modified by web\ncontent, potentially executing malicious JavaScript code with chrome\nprivileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75789", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530157", "reference_id": "530157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374", "reference_id": "CVE-2009-3374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57", "reference_id": "mfsa2009-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr3x-4kyw-rbcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2593?format=api", "vulnerability_id": "VCID-ksst-4srh-c3eu", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. 
Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1037", "scoring_system": "epss", "scoring_elements": "0.93322", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570", "reference_id": "503570", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833", "reference_id": "CVE-2009-1833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": 
"RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksst-4srh-c3eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2199?format=api", "vulnerability_id": "VCID-kts9-w6sz-kkbj", "summary": "Security researcher wushi of team509 reported that\nthe frame construction process for certain types of menus could result\nin a menu containing a pointer to a previously freed menu item.\nDuring the cycle collection process, this freed item could be accessed,\nresulting in the execution of a section of code potentially controlled\nby an attacker.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.90113", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590822", "reference_id": "590822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183", "reference_id": "CVE-2010-0183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-27", "reference_id": "mfsa2010-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kts9-w6sz-kkbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2419?format=api", "vulnerability_id": "VCID-kufy-1tyw-4qa2", "summary": "Mozilla developers identified and fixed 
several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21255", "scoring_system": "epss", "scoring_elements": "0.95776", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470881", "reference_id": "470881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016", "reference_id": "CVE-2008-5016", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52", 
"reference_id": "mfsa2008-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5016" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kufy-1tyw-4qa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2653?format=api", "vulnerability_id": "VCID-kvaw-h1xw-vuf5", "summary": "Security researchers Adam Barth and Collin\nJackson reported that when a file: resource is\nloaded via the location bar it inherits the principal of the\npreviously loaded document. 
This vulnerability can potentially give\nthe newly loaded document additional privileges to access the contents\nof other local files that it wouldn't otherwise have permission to read.\nA potential victim would first have to have downloaded the attacker's\ndocument to their local machine. Then the victim would have to open another\ndocument in a directory of interest to the attacker before opening the\nattacker's file in the same window.\nPrior to version 3.0, Firefox (like browsers from other\nvendors) treated all local files as having the same origin without\nrestriction. This vulnerability is a partial bypass of the restrictions\nimplemented in Firefox 3.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15161", "scoring_system": "epss", "scoring_elements": "0.94708", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503581", "reference_id": "503581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839", "reference_id": "CVE-2009-1839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html", "reference_id": "CVE-2009-1839;OSVDB-55163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30", "reference_id": "mfsa2009-30", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1839" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvaw-h1xw-vuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=api", "vulnerability_id": "VCID-kvg8-pa7m-2bfg", "summary": "Security researcher Richard Moore reported that\nwhen an SSL certificate was created with a common name containing a\nwildcard followed by a partial IP address a valid SSL connection could be\nestablished with a server whose IP address matched the wildcard range\nby browsing directly to the IP address. 
It is extremely unlikely that\nsuch a certificate would be issued by a Certificate Authority.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01158", "scoring_system": "epss", "scoring_elements": "0.7888", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630047", "reference_id": "630047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170", "reference_id": "CVE-2010-3170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-70", "reference_id": "mfsa2010-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2010:0862", "reference_id": "RHSA-2010:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0862" }, { "reference_url": "https://usn.ubuntu.com/1007-1/", "reference_id": "USN-1007-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1007-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvg8-pa7m-2bfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2440?format=api", "vulnerability_id": "VCID-kws9-mf7a-syh8", "summary": "Mozilla developer Georgi Guninski reported that\nthe canvas element could be used in conjunction with an HTTP redirect\nto bypass same-origin restrictions and gain access to the content in\narbitrary images from other domains. 
This vulnerability could be used\nby an attacker to steal private information from a victim who is\nlogged into a website that stores the data in images. Security researchers Michal Zalewski\nand Chris Evans also reported an additional threat\ncaused by this vulnerability in which an attacker can enumerate the\nsoftware installed on a victim's computer by using moz-icon as the\nredirection target. Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05969", "scoring_system": "epss", "scoring_elements": "0.90796", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5012" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470864", "reference_id": "470864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012", "reference_id": "CVE-2008-5012", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-48", "reference_id": "mfsa2008-48", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-48" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5012" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kws9-mf7a-syh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2430?format=api", "vulnerability_id": "VCID-kzjq-mq5p-w7em", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in\nnsXMLHttpRequest::NotifyEventListeners() could be\nbypassed. This vulnerability could be used to execute JavaScript in\nthe context of a different website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13446", "scoring_system": "epss", "scoring_elements": "0.94316", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470895", "reference_id": "470895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022", "reference_id": "CVE-2008-5022", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-56", "reference_id": "mfsa2008-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5022" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzjq-mq5p-w7em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74937?format=api", "vulnerability_id": "VCID-m29z-y4um-wqbf", "summary": "security flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18653", "scoring_system": "epss", "scoring_elements": "0.95381", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5052" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618336", "reference_id": "1618336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618336" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5052" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m29z-y4um-wqbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2313?format=api", "vulnerability_id": "VCID-m7sq-29rx-pff5", "summary": "Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. 
These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8084", "scoring_system": "epss", "scoring_elements": "0.9917", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3993" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623", "reference_id": "863623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993", "reference_id": "CVE-2012-3993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb", "reference_id": "CVE-2012-3993;OSVDB-96019;CVE-2013-1710", "reference_type": "exploit", "scores": [], "url": 
"https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb", "reference_id": "CVE-2012-3993;OSVDB-96019;CVE-2013-1710", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83", "reference_id": "mfsa2012-83", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3993" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7sq-29rx-pff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2325?format=api", "vulnerability_id": "VCID-mbgs-b2qj-ukg1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02093", "scoring_system": "epss", "scoring_elements": "0.8431", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961", "reference_id": "CVE-2012-3961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { 
"value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgs-b2qj-ukg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2793?format=api", "vulnerability_id": "VCID-mcy6-z48m-tufs", "summary": "David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": 
"0.60376", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076", "reference_id": "CVE-2011-0076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15", "reference_id": "mfsa2011-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcy6-z48m-tufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2179?format=api", "vulnerability_id": "VCID-mfbd-41mr-7kg5", "summary": "Security researcher regenrecht reported (via TippingPoint's\nZero Day Initiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. 
Although\nno exploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07524", "scoring_system": "epss", "scoring_elements": "0.91929", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164", "reference_id": "CVE-2010-0164", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09", "reference_id": "mfsa2010-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfbd-41mr-7kg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2425?format=api", "vulnerability_id": "VCID-mftz-nzj1-hudz", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. 
Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3. David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02887", "scoring_system": "epss", "scoring_elements": "0.86551", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4063" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463203", "reference_id": "463203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063", "reference_id": "CVE-2008-4063", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4063" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mftz-nzj1-hudz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2236?format=api", "vulnerability_id": "VCID-mh43-ax68-gkhz", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for 
remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09485", "scoring_system": "epss", "scoring_elements": "0.92957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180", "reference_id": "CVE-2012-4180", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": 
"RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4180" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mh43-ax68-gkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2852?format=api", "vulnerability_id": "VCID-mj22-p5cg-43c3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0279", "scoring_system": "epss", "scoring_elements": "0.86331", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2364" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364", "reference_id": "CVE-2011-2364", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2364" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj22-p5cg-43c3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2833?format=api", "vulnerability_id": "VCID-mm8q-zcef-e3g1", "summary": "sczimmer reported that Firefox crashed when loading\na particular .ogg file. 
This was due to a use-after-free\ncondition and could potentially be exploited to install malware.\nThis vulnerability does not affect Firefox 3.6 or earlier.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89071", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005", "reference_id": "CVE-2011-3005", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-44", "reference_id": "mfsa2011-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-44" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3005" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm8q-zcef-e3g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2786?format=api", "vulnerability_id": 
"VCID-mmc8-9gbv-fbat", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04133", "scoring_system": "epss", "scoring_elements": "0.88824", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700640", "reference_id": "700640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070", "reference_id": "CVE-2011-0070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmc8-9gbv-fbat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2158?format=api", "vulnerability_id": "VCID-mmw9-8yss-vke8", "summary": "Security researcher Ilja van Sprundel of IOActive\nreported that the Content-Disposition: attachment HTTP\nheader was ignored when Content-Type: multipart was also\npresent. 
This issue could potentially lead to XSS problems in sites\nthat allow users to upload arbitrary files and specify a Content-Type\nbut rely on Content-Disposition: attachment to prevent\nthe content from being displayed inline.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01032", "scoring_system": "epss", "scoring_elements": "0.77638", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850", "reference_id": "590850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197", "reference_id": "CVE-2010-1197", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-32", "reference_id": "mfsa2010-32", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0499", "reference_id": "RHSA-2010:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", 
"reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1197" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmw9-8yss-vke8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2239?format=api", "vulnerability_id": "VCID-ms5v-jk9f-dkbd", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would 
also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02721", "scoring_system": "epss", "scoring_elements": "0.86181", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625", "reference_id": "863625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183", "reference_id": "CVE-2012-4183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85", "reference_id": "mfsa2012-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-85" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms5v-jk9f-dkbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2598?format=api", "vulnerability_id": "VCID-n4t4-2b9j-hqa1", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported broken functionality on pages that had a\nLink: HTTP header when an add-on was installed\nwhich implemented a Content Policy in JavaScript, such\nas AdBlock Plus or NoScript. 
Mozilla security\nresearcher moz_bug_r_a4 demonstrated that the broken\nfunctionality was due to the window's global object\nreceiving an incorrect security wrapper and that this issue could be\nused to execute arbitrary JavaScript with chrome privileges. This vulnerability does not affect Firefox\nprior to version 3.5", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80476", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665", "reference_id": "CVE-2009-2665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-46", "reference_id": "mfsa2009-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2665" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4t4-2b9j-hqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2283?format=api", "vulnerability_id": 
"VCID-n5sw-3tyh-nbcm", "summary": "Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00795", "scoring_system": "epss", "scoring_elements": "0.7427", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877625", "reference_id": "877625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205", "reference_id": "CVE-2012-4205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97", "reference_id": "mfsa2012-97", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": 
"https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5sw-3tyh-nbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2655?format=api", "vulnerability_id": "VCID-n5xr-5qvw-2yah", "summary": "Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree\nmethod _moveToEdgeShift was in some cases triggering\ngarbage collection routines on objects which were still in use. In\nsuch cases, the browser would crash when attempting to access a\npreviously destroyed object and this crash could be used by an\nattacker to run arbitrary code on a victim's computer. This vulnerability was used by the reporter to win the\n2009 CanSecWest Pwn2Own contest. This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07842", "scoring_system": "epss", "scoring_elements": "0.92112", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1044" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=492212", "reference_id": "492212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044", "reference_id": "CVE-2009-1044", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-13", "reference_id": "mfsa2009-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0397", "reference_id": "RHSA-2009:0397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0398", "reference_id": "RHSA-2009:0398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0398" }, { "reference_url": "https://usn.ubuntu.com/745-1/", "reference_id": "USN-745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5xr-5qvw-2yah" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2353?format=api", "vulnerability_id": "VCID-n747-sujq-tqgf", "summary": "Mozilla community member Daniel Glazman of Disruptive\nInnovations reported a crash when accessing a keyframe's cssText after dynamic\nmodification. This crash may be potentially exploitable.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03436", "scoring_system": "epss", "scoring_elements": "0.87683", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803112", "reference_id": "803112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459", "reference_id": "CVE-2012-0459", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-17", "reference_id": "mfsa2012-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0459" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n747-sujq-tqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2221?format=api", "vulnerability_id": "VCID-n7vg-xm1u-qkcq", "summary": "Security researcher Mark Poticha reported an issue where\nincorrect SSL certificate information can be displayed on the addressbar,\nshowing the SSL data for a previous site while another has been loaded. This is\ncaused by two onLocationChange events being fired out of the expected order,\nleading to the displayed certificate data to not be updated. 
This can be used\nfor phishing attacks by allowing the user to input form or other data on a\nnewer, attacking, site while the credentials of an older site appear on the\naddressbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.73923", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3976" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851931", "reference_id": "851931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976", "reference_id": "CVE-2012-3976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69", "reference_id": "mfsa2012-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7vg-xm1u-qkcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2230?format=api", "vulnerability_id": "VCID-n9a3-1qv2-6yfw", "summary": "Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75469", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=865283", "reference_id": "865283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192", "reference_id": "CVE-2012-4192", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89", "reference_id": "mfsa2012-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-89" }, { "reference_url": "https://usn.ubuntu.com/1608-1/", "reference_id": "USN-1608-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1608-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4192" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9a3-1qv2-6yfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88963?format=api", "vulnerability_id": "VCID-najm-etj8-sffz", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00616", "scoring_system": "epss", "scoring_elements": 
"0.70247", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1994" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1994" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-najm-etj8-sffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2454?format=api", "vulnerability_id": "VCID-ncyn-54s5-yqcw", "summary": "ling and wushi of team509, via\nTippingPoint's Zero Day Initiative program, reported a flaw in part of\nMozilla's DOM constructing code. This vulnerability can be exploited\nby modifying certain properties of a file input element before it has\nfinished initializing. When the blur method of the\nmodified input element is called, uninitialized memory is accessed by\nthe browser, resulting in a crash. This crash may be used by an\nattacker to run arbitrary code on a victim's computer. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23762", "scoring_system": "epss", "scoring_elements": "0.96097", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470894", "reference_id": "470894", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021", "reference_id": "CVE-2008-5021", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55", "reference_id": "mfsa2008-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5021" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncyn-54s5-yqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2866?format=api", "vulnerability_id": "VCID-nd55-spy5-9qau", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative. Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.81161", "scoring_system": "epss", "scoring_elements": "0.99184", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700619", "reference_id": "700619", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073", "reference_id": "CVE-2011-0073", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/ZDI-11-157/", "reference_id": "CVE-2011-0073;OSVDB-72087", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-157/" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0473", "reference_id": "RHSA-2011:0473", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0474", "reference_id": "RHSA-2011:0474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd55-spy5-9qau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2321?format=api", "vulnerability_id": "VCID-nesy-7bkx-87ax", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02961", "scoring_system": "epss", "scoring_elements": "0.86719", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957", "reference_id": "CVE-2012-3957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3957" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nesy-7bkx-87ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73917?format=api", "vulnerability_id": "VCID-nf5h-hc8m-gyax", "summary": "Seamonkey: NULL pointer dereference in GIF decoder", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71852", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3978" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=547292", "reference_id": "547292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547292" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf5h-hc8m-gyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=api", "vulnerability_id": "VCID-nhbn-aqde-vue5", "summary": "Mozilla cryptographer Nelson Bolyard reported that\nthe SSL implementation was permitting servers to use Diffie-Hellman\nEphemeral mode (DHE) with too short of a minimum key length. DHE keys\nof such lengths are trivially breakable on modern hardware so SSL\nservers operating in this mode were providing very little effective\nsecurity for their clients.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02315", "scoring_system": "epss", "scoring_elements": "0.85043", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3173" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642302", "reference_id": "642302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173", "reference_id": "CVE-2010-3173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-72", "reference_id": "mfsa2010-72", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-72" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://usn.ubuntu.com/1007-1/", "reference_id": "USN-1007-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1007-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3173" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbn-aqde-vue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2444?format=api", "vulnerability_id": "VCID-nhpz-urjv-bfet", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2. Mozilla developer Olli Pettay reported that XSLT can\ncreate documents 
which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02018", "scoring_system": "epss", "scoring_elements": "0.84036", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4060" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463198", "reference_id": "463198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463198" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060", "reference_id": "CVE-2008-4060", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4060" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhpz-urjv-bfet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2348?format=api", "vulnerability_id": "VCID-nkdg-ez7k-7qdh", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. 
The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.86893", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940", "reference_id": "CVE-2012-1940", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1940" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkdg-ez7k-7qdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88960?format=api", "vulnerability_id": "VCID-nnck-qb21-3ueg", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39132", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-5074" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", 
"reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-5074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnck-qb21-3ueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2119?format=api", "vulnerability_id": "VCID-nqeq-nees-u3dk", "summary": "Security researcher Paul Stone reported that when\nan HTML selection containing JavaScript is copy-and-pasted or dropped\nonto a document with designMode enabled the JavaScript will be\nexecuted within the context of the site where the code was dropped. 
A\nmalicious site could leverage this issue in an XSS attack by\npersuading a user into taking such an action and in the process\nrunning malicious JavaScript within the context of another site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01267", "scoring_system": "epss", "scoring_elements": "0.79772", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630075", "reference_id": "630075", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769", "reference_id": "CVE-2010-2769", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62", "reference_id": "mfsa2010-62", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": 
[], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2769" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqeq-nees-u3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2620?format=api", "vulnerability_id": "VCID-nwhc-qysh-3qfk", "summary": "Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry. 
A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74547", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3987" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546729", "reference_id": "546729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987", "reference_id": "CVE-2009-3987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71", "reference_id": "mfsa2009-71", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ 
"CVE-2009-3987" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwhc-qysh-3qfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2623?format=api", "vulnerability_id": "VCID-nwkn-p5sh-jbhk", "summary": "Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar. This whitespace\ncould be used to force part of the URL out of view in the location\nbar. An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11374", "scoring_system": "epss", "scoring_elements": "0.9367", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1834" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573", "reference_id": "503573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834", "reference_id": "CVE-2009-1834", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt", "reference_id": "CVE-2009-1834;OSVDB-55162", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt" }, { 
"reference_url": "https://www.securityfocus.com/bid/35388/info", "reference_id": "CVE-2009-1834;OSVDB-55162", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35388/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25", "reference_id": "mfsa2009-25", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1834" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwkn-p5sh-jbhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2862?format=api", "vulnerability_id": "VCID-nxgs-2jdy-sbbp", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. 
If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory. regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer. Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2363" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363", "reference_id": "CVE-2011-2363", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": ""
} ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2363" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxgs-2jdy-sbbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=api", "vulnerability_id": "VCID-nyu8-zhfr-ubhx", "summary": "Security researcher Haifei Li of FortiGuard Labs\nreported that Firefox could be used to load a malicious code library\nthat had been planted on a victim's 
computer. Firefox attempts to\nload dwmapi.dll upon startup as part of its platform detection, so on\nsystems that don't have this library, such as Windows XP, Firefox will\nsubsequently attempt to load the library from the current working\ndirectory. An attacker could use this vulnerability to trick a user\ninto downloading a HTML file and a malicious copy of dwmapi.dll into\nthe same directory on their computer and opening the HTML file with\nFirefox, thus causing the malicious code to be executed. If the\nattacker was on the same network as the victim, the malicious DLL\ncould also be loaded via a UNC path. This DLL is only loaded at\nstartup so a successful attack requires that Firefox not currently\nbe running when it is asked to open the HTML\nfile and accompanying DLL. This issue was also independently reported to Mozilla\nby Acros Security. After the issue became public a\nnumber of other community members contacted Mozilla to report the\nissue. Firefox users on Windows Vista or Windows 7\nwere not vulnerable to this attack because dwmapi.dll is part\nof the OS in Vista and later versions and the legitimate copy\nis successfully loaded by\nFirefox before attempting to load the planted DLL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10225", "scoring_system": "epss", "scoring_elements": "0.93263", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131", "reference_id": "CVE-2010-3131", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c", "reference_id": "CVE-2010-3131;OSVDB-67502", "reference_type": "exploit", "scores": [], "url":
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c", "reference_id": "CVE-2010-3131;OSVDB-67502", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52", "reference_id": "mfsa2010-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyu8-zhfr-ubhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=api", "vulnerability_id": "VCID-p51y-by4w-qyd7", "summary": "An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, reported that the columns of a XUL tree element could be\nmanipulated in a particular way which would leave a pointer owned by\nthe column pointing to freed memory. 
An attacker could potentially\nuse this vulnerability to crash a victim's browser and run arbitrary\ncode on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0543", "scoring_system": "epss", "scoring_elements": "0.903", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693", "reference_id": "521693", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077", "reference_id": "CVE-2009-3077", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49", "reference_id": "mfsa2009-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/821-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3077" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p51y-by4w-qyd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=api", "vulnerability_id": "VCID-p5zn-r2n7-8ugt", "summary": "Security researcher Paul Stone reported an attack where an\nHTML page hosted on a Windows share and then loaded could then load Windows\nshortcut files (.lnk) in the same share. These shortcut files could then link to\narbitrary locations on the local file system of the individual loading the HTML\npage. 
That page could show the contents of these linked files or directories\nfrom the local file system in an iframe, causing information disclosure.\nThis issue could potentially affect Linux machines with samba\nshares enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40971", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1945" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831", "reference_id": "827831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945", "reference_id": "CVE-2012-1945", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37", "reference_id": "mfsa2012-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", 
"reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1945" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5zn-r2n7-8ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2393?format=api", "vulnerability_id": "VCID-p6xe-qepz-7kez", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. 
This can be combined with other issues to become potentially\nexploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01292", "scoring_system": "epss", "scoring_elements": "0.79982", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3978" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851937", "reference_id": "851937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851937" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978", "reference_id": "CVE-2012-3978", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70", "reference_id": "mfsa2012-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6xe-qepz-7kez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2278?format=api", "vulnerability_id": "VCID-pc3m-3w52-9yb1", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. 
AppendFrames is not able to handle this mix. All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1951", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03397", "scoring_system": "epss", "scoring_elements": "0.87612", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1951" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205", "reference_id": "840205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840205" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951", "reference_id": "CVE-2012-1951", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, {
"reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1951" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pc3m-3w52-9yb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2579?format=api", "vulnerability_id": "VCID-pgt7-k439-dyby", "summary": "Security researcher PenPal reported a crash\ninvolving a SVG element on which a watch function\nand __defineSetter__ function have been set for a\nparticular property. 
The crash showed evidence of memory corruption\nand could potentially be used by an attacker to run arbitrary code on\na victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0647", "scoring_system": "epss", "scoring_elements": "0.91221", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2469" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512142", "reference_id": "512142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469", "reference_id": "CVE-2009-2469", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-37", "reference_id": "mfsa2009-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2469" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgt7-k439-dyby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2804?format=api", "vulnerability_id": "VCID-pgty-eyet-87gt", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06676", "scoring_system": "epss", "scoring_elements": "0.9137", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985", "reference_id": "CVE-2011-2985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgty-eyet-87gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2335?format=api", "vulnerability_id": "VCID-phx6-pmuh-8bdr", "summary": "Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. 
This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74253", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0456" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116", "reference_id": "803116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456", "reference_id": "CVE-2012-0456", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14", "reference_id": "mfsa2012-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" 
}, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phx6-pmuh-8bdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2863?format=api", "vulnerability_id": "VCID-phyz-e3br-qffu", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory. regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.
This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer. Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0085" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085", "reference_id": "CVE-2011-0085", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886",
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0085" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phyz-e3br-qffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2116?format=api", "vulnerability_id": "VCID-pkky-dzgj-2qay", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are inserted into a XUL\ntree <optgroup>. In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used. 
An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05361", "scoring_system": "epss", "scoring_elements": "0.9022", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0176" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150", "reference_id": "578150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176", "reference_id": "CVE-2010-0176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18", "reference_id": "mfsa2010-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0333" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0176" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkky-dzgj-2qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2182?format=api", "vulnerability_id": "VCID-pq8y-auvb-mkgw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06912", "scoring_system": "epss", "scoring_elements": "0.91532", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415", "reference_id": "660415", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777", "reference_id": "CVE-2010-3777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url":
"https://access.redhat.com/errata/RHSA-2010:0969", "reference_id": "RHSA-2010:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0969" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3777" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq8y-auvb-mkgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2358?format=api", "vulnerability_id": "VCID-ps3u-nesw-myaw", "summary": "Security researcher Mario Gomes andresearch firm\nCode Audit Labs reported a mechanism to short-circuit page\nloads through drag and drop to the addressbar by canceling the page load. This\ncauses the address of the previously site entered to be displayed in the\naddressbar instead of the currently loaded page. 
This could lead to potential\nphishing attacks on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02775", "scoring_system": "epss", "scoring_elements": "0.86295", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840203", "reference_id": "840203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950", "reference_id": "CVE-2012-1950", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-43", "reference_id": "mfsa2012-43", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1950" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ps3u-nesw-myaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=api", "vulnerability_id": "VCID-ptfk-cy8g-wyef", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07005", "scoring_system": "epss", "scoring_elements": "0.91598", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991", "reference_id": "CVE-2011-2991", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2991" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptfk-cy8g-wyef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88954?format=api", "vulnerability_id": "VCID-pwuc-1qfh-wue2", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03735", "scoring_system": "epss", "scoring_elements": "0.88197", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2043" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt", "reference_id": "CVE-2009-2043;OSVDB-55197", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt" }, { "reference_url": 
"https://www.securityfocus.com/bid/35413/info", "reference_id": "CVE-2009-2043;OSVDB-55197", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35413/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2043" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwuc-1qfh-wue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2129?format=api", "vulnerability_id": "VCID-q19p-umh9-rydp", "summary": "Security researcher wushi of team509 reported a\nheap buffer overflow in code routines responsible for transforming\ntext runs. A page could be constructed with a bidirectional text run\nwhich upon reflow could result in an incorrect length being calculated\nfor the run of text. 
When this value is subsequently used to allocate\nmemory for the text too small a buffer may be created potentially\nresulting in a buffer overflow and the execution of attacker\ncontrolled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05962", "scoring_system": "epss", "scoring_elements": "0.90793", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630061", "reference_id": "630061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630061" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166", "reference_id": "CVE-2010-3166", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53", "reference_id": "mfsa2010-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3166" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q19p-umh9-rydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2361?format=api", "vulnerability_id": "VCID-q3gb-89sm-8yc3", "summary": "Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the \"~\" character will destroy another character near the chunk delimiter. 
This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79872", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629", "reference_id": "877629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207", "reference_id": "CVE-2012-4207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101", "reference_id": "mfsa2012-101", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": 
"https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3gb-89sm-8yc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2346?format=api", "vulnerability_id": "VCID-q4xw-urcg-83bw", "summary": "Mozilla developer Matt Brubeck reported that\nwindow.fullScreen is writeable by untrusted content now that the DOM fullscreen\nAPI is enabled. 
Because window.fullScreen does not include\nmozRequestFullscreen's security protections, it could be used for UI spoofing.\nThis code change makes window.fullScreen read only by untrusted content, forcing\nthe use of the DOM fullscreen API in normal usage.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01798", "scoring_system": "epss", "scoring_elements": "0.83093", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0460" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803111", "reference_id": "803111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460", "reference_id": "CVE-2012-0460", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18", "reference_id": "mfsa2012-18", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0460" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4xw-urcg-83bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2654?format=api", "vulnerability_id": "VCID-q8zq-w7zs-h3gp", "summary": "Moxie Marlinspike reported a heap overflow vulnerability\nin the code that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary code\nby presenting a specially crafted certificate to the client. This code\nprovided compatibility with the non-standard regular expression syntax\nhistorically supported by Netscape clients and servers. 
With version 3.5\nFirefox switched to the more limited industry-standard wildcard syntax\ninstead and is not vulnerable to this flaw.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21024", "scoring_system": "epss", "scoring_elements": "0.9574", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2404" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912", "reference_id": "512912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934", "reference_id": "539934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404", "reference_id": "CVE-2009-2404", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-43", "reference_id": "mfsa2009-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1184", "reference_id": "RHSA-2009:1184", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1185", "reference_id": "RHSA-2009:1185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1186", "reference_id": "RHSA-2009:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1190", "reference_id": "RHSA-2009:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1207", "reference_id": "RHSA-2009:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "reference_url": "https://usn.ubuntu.com/810-1/", "reference_id": "USN-810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2404" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8zq-w7zs-h3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2398?format=api", "vulnerability_id": "VCID-qemc-854g-kfgx", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nan additional variation on the feed preview vulnerabilities\nfixed in Firefox 2.0.0.17.\nmoz_bug_r_a4 demonstrated that it was still possible to\nuse the feed preview as a vector for JavaScript privilege escalation.\nAn attacker could use this issue to run arbitrary JavaScript with\nchrome 
privileges. Firefox 3 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87121", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5504" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476273", "reference_id": "476273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476273" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504", "reference_id": "CVE-2008-5504", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-62", "reference_id": "mfsa2008-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5504" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qemc-854g-kfgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2821?format=api", "vulnerability_id": "VCID-qfe3-wddm-c7ee", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04955", "scoring_system": "epss", "scoring_elements": "0.89808", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2378" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730521", "reference_id": "730521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378", "reference_id": "CVE-2011-2378", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1166", "reference_id": "RHSA-2011:1166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1166" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfe3-wddm-c7ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2389?format=api", "vulnerability_id": "VCID-qg3e-xxn8-eqc5", "summary": "Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01381", "scoring_system": "epss", "scoring_elements": "0.80588", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877617", "reference_id": "877617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836", "reference_id": "CVE-2012-5836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94", "reference_id": "mfsa2012-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg3e-xxn8-eqc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2585?format=api", "vulnerability_id": "VCID-qj9j-vc8m-1uhp", "summary": "Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document. An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13196", "scoring_system": "epss", "scoring_elements": "0.94247", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311", "reference_id": "521311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654", "reference_id": "CVE-2009-2654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654" }, { 
"reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html" }, { "reference_url": "https://www.securityfocus.com/bid/35803/info", "reference_id": "CVE-2009-2654;OSVDB-56717", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35803/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44", "reference_id": "mfsa2009-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/811-1/", "reference_id": "USN-811-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/811-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj9j-vc8m-1uhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2342?format=api", "vulnerability_id": "VCID-qkw1-m8aa-2qgn", "summary": "Security researcher Jeroen van der Gun reported that if RSS\nor Atom XML invalid content is loaded over HTTPS, the addressbar updates to\ndisplay the new location of the loaded resource, including SSL indicators, while\nthe main window still displays the previously loaded content. This allows for\nphishing attacks where a malicious page can spoof the identity of another\nseemingly secure site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00775", "scoring_system": "epss", "scoring_elements": "0.7391", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0479" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815044", "reference_id": "815044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479", "reference_id": "CVE-2012-0479", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33", "reference_id": "mfsa2012-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": "RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0479" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkw1-m8aa-2qgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2784?format=api", "vulnerability_id": "VCID-qmh7-fvnc-tqhn", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04704", "scoring_system": "epss", "scoring_elements": "0.89531", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0081" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700676", "reference_id": "700676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081", "reference_id": "CVE-2011-0081", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0081" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmh7-fvnc-tqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=api", "vulnerability_id": "VCID-qn4t-s1ek-vkcm", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that\nwhen window.__lookupGetter__ is called with no arguments\nthe code assumes the top JavaScript stack value is a property name.\nSince there were no arguments passed into the function, the top value\ncould represent uninitialized memory or a pointer to a previously\nfreed JavaScript object. 
Under such circumstances the value is passed\nto another subroutine which calls through the dangling pointer,\npotentially executing attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06976", "scoring_system": "epss", "scoring_elements": "0.91578", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642286", "reference_id": "642286", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183", "reference_id": "CVE-2010-3183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-67", "reference_id": "mfsa2010-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-67" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3183" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4t-s1ek-vkcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2374?format=api", "vulnerability_id": "VCID-qns8-fjf9-13fr", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02458", "scoring_system": "epss", "scoring_elements": "0.85486", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000", "reference_id": "815000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468", "reference_id": "CVE-2012-0468", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20", "reference_id": "mfsa2012-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0515", "reference_id": 
"RHSA-2012:0515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0516", "reference_id": "RHSA-2012:0516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0516" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0468" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qns8-fjf9-13fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=api", "vulnerability_id": "VCID-qtwn-s22a-zufy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59674", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986", "reference_id": "CVE-2011-2986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtwn-s22a-zufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2583?format=api", "vulnerability_id": "VCID-qwt7-qwnt-5qan", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat a chrome XBL method can be used in conjunction\nwith window.eval to execute arbitrary JavaScript within\nthe context of another website, violating the same origin policy. Firefox 2 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00789", "scoring_system": "epss", "scoring_elements": "0.7416", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483142", "reference_id": "483142", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354", "reference_id": "CVE-2009-0354", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-02", "reference_id": "mfsa2009-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0354" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwt7-qwnt-5qan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2131?format=api", "vulnerability_id": "VCID-qyxv-c1m4-pbc7", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04086", "scoring_system": "epss", "scoring_elements": "0.88754", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466", "reference_id": "615466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753", "reference_id": "CVE-2010-2753", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40", "reference_id": "mfsa2010-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": 
"pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2753" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyxv-c1m4-pbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2844?format=api", "vulnerability_id": "VCID-qzad-6448-1qcf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58557", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993", "reference_id": "CVE-2011-2993", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2993" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzad-6448-1qcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73584?format=api", "vulnerability_id": "VCID-r1w6-3h83-eue3", "summary": "webkit: stylesheet URL property leaks redirection target", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63479", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=568170", "reference_id": "568170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=568170" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0648" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1w6-3h83-eue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2611?format=api", "vulnerability_id": "VCID-r4hv-qrsj-77gz", "summary": "Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files. In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02124", "scoring_system": "epss", "scoring_elements": "0.84429", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530155", "reference_id": "530155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372", "reference_id": "CVE-2009-3372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": 
"", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55", "reference_id": "mfsa2009-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4hv-qrsj-77gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2830?format=api", "vulnerability_id": "VCID-r8vx-y8mz-hqcu", "summary": "Security researcher Mario Heiderich reported it was\npossible to use SVG animation accessKey events to detect\nkey strokes even when JavaScript was disabled. Since web pages can normally\ndetect key events through script and most users have scripting enabled this\ndoes not present a risk for most users. 
In contexts where the user knows\nscripting is disabled (reading mail, for example, or NoScript users) this\ncould allow a malicious web page to fool a user into interacting with\na prompt thinking it came from the browser or mail program.\n\nAccessing remote content is disabled by default when reading mail in\nThunderbird and SeaMonkey. Successfully capturing keystrokes remotely would\nrequire some social engineering to convince the user to turn it on.\n\nSVG animation is not supported in Thunderbird 3.1 or Firefox 3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.76787", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3663" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676", "reference_id": "770676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663", "reference_id": "CVE-2011-3663", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56", "reference_id": "mfsa2011-56", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56" }, { "reference_url": "https://usn.ubuntu.com/1306-1/", "reference_id": "USN-1306-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1306-1/" }, { "reference_url": "https://usn.ubuntu.com/1343-1/", "reference_id": "USN-1343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3663" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r8vx-y8mz-hqcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2153?format=api", "vulnerability_id": "VCID-rb1h-hqfc-hkfq", "summary": "Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04113", "scoring_system": "epss", "scoring_elements": "0.88792", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2463" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512131", "reference_id": "512131", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=512131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463", "reference_id": "CVE-2009-2463", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34", "reference_id": "mfsa2009-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-34" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07", "reference_id": "mfsa2010-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1163", "reference_id": "RHSA-2009:1163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/798-1/" }, { "reference_url": "https://usn.ubuntu.com/915-1/", "reference_id": "USN-915-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/915-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2463" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rb1h-hqfc-hkfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2823?format=api", "vulnerability_id": "VCID-rd8u-nbex-d7hp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01538", "scoring_system": "epss", "scoring_elements": "0.81655", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730522", "reference_id": "730522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984", "reference_id": "CVE-2011-2984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8u-nbex-d7hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2656?format=api", "vulnerability_id": "VCID-reea-m7yc-47e8", "summary": "Mozilla contributor Masahiro Yamada reported that\ncertain invisible control characters were being decoded when displayed\nin the location bar, resulting in fewer 
visible characters than were\npresent in the actual location. An attacker could use this\nvulnerability to spoof the location bar and display a misleading URL\nfor their malicious web page. The initial version of this advisory incorrectly listed\nThunderbird and SeaMonkey as affected products. Firefox is the only\nproduct affected by this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.84061", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488292", "reference_id": "488292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777", "reference_id": "CVE-2009-0777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-11", "reference_id": "mfsa2009-11", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": "RHSA-2009:0315", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0777" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-reea-m7yc-47e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2228?format=api", "vulnerability_id": "VCID-reun-f46b-skb1", "summary": "Bugzilla developer Frédéric Buclin reported that the\n\"X-Frame-Options header is ignored when the value is duplicated,\nfor example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. 
This\nduplication occurs for unknown reasons on some websites and when it occurs\nresults in Mozilla browsers not being protected against possible clickjacking\nattacks on those pages", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01172", "scoring_system": "epss", "scoring_elements": "0.78994", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214", "reference_id": "840214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961", "reference_id": "CVE-2012-1961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51", "reference_id": "mfsa2012-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": 
"", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-reun-f46b-skb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70678?format=api", "vulnerability_id": "VCID-rghv-fe21-w3h2", "summary": "Mozilla: Select element persistance allows for attacks (MFSA 2012-75)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75764", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616", "reference_id": "863616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863616" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": 
"", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5354" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rghv-fe21-w3h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2284?format=api", "vulnerability_id": "VCID-rhhn-tqga-gqea", "summary": "Security researcher Mariusz Mlynski reported that the\nlocation property can be accessed by binary plugins through\ntop.location and top can be shadowed by\nObject.defineProperty as well. This can allow for possible\ncross-site scripting (XSS) attacks through plugins.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00927", "scoring_system": "epss", "scoring_elements": "0.76383", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622", "reference_id": "863622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863622" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994", "reference_id": "CVE-2012-3994", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-82", "reference_id": "mfsa2012-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3994" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhhn-tqga-gqea" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/74250?format=api", "vulnerability_id": "VCID-rhmg-v6z6-kfau", "summary": "Thunderbird: DoS via large length property of a Select object", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08242", "scoring_system": "epss", "scoring_elements": "0.92347", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2535" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512909", "reference_id": "512909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512909" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt", "reference_id": "OSVDB-56253;CVE-2009-2535", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2535" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmg-v6z6-kfau" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2666?format=api", "vulnerability_id": "VCID-rrat-t5xc-4qdr", "summary": "Jakob Balle and Carsten Eiram of\nSecunia Research reported a race condition\nin NPObjWrapper_NewResolve when accessing the properties\nof a NPObject, a wrapped JSObject. Balle\nand Eiram demonstrated that this condition could be reached by\nnavigating away from a web page during the loading of a Java applet.\nUnder such conditions the Java object would be destroyed but later\ncalled into resulting in a free memory read. It might be possible\nfor an attacker to write to the freed memory before it is reused and run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2 nor other\nproducts built using the \"Gecko 1.8\" version of Mozilla code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02184", "scoring_system": "epss", "scoring_elements": "0.84638", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503579", "reference_id": "503579", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837", "reference_id": "CVE-2009-1837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28", "reference_id": "mfsa2009-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1837" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrat-t5xc-4qdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2376?format=api", "vulnerability_id": "VCID-rt45-ac3f-xqau", "summary": "Mozilla security researcher Mark Goodwin discovered an issue\nwith the Firefox developer tools' debugger. If remote debugging is disabled, but\nthe experimental HTTPMonitor extension has been installed and enabled, a remote\nuser can connect to and use the remote debugging service through the port used\nby HTTPMonitor. 
A remote-enabled flag has been added to resolve\nthis problem and close the port unless debugging is explicitly enabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03046", "scoring_system": "epss", "scoring_elements": "0.8691", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851925", "reference_id": "851925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973", "reference_id": "CVE-2012-3973", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-66", "reference_id": "mfsa2012-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-66" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3973" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rt45-ac3f-xqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2194?format=api", "vulnerability_id": "VCID-rvf4-88af-f7ga", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. 
A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64404", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1206" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608763", "reference_id": "608763", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206", "reference_id": "CVE-2010-1206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": 
"https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvf4-88af-f7ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2301?format=api", "vulnerability_id": "VCID-rxnh-fjyt-cyab", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0153", "scoring_system": "epss", "scoring_elements": "0.81612", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877942", "reference_id": "877942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212", "reference_id": "CVE-2012-4212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxnh-fjyt-cyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2645?format=api", "vulnerability_id": "VCID-rzj8-31mb-ebf8", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. 
Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0746", "scoring_system": "epss", "scoring_elements": "0.91881", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488283", "reference_id": "488283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774", "reference_id": "CVE-2009-0774", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07", "reference_id": "mfsa2009-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0315", "reference_id": 
"RHSA-2009:0315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0325", "reference_id": "RHSA-2009:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0325" }, { "reference_url": "https://usn.ubuntu.com/728-1/", "reference_id": "USN-728-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-1/" }, { "reference_url": "https://usn.ubuntu.com/728-2/", "reference_id": "USN-728-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-2/" }, { "reference_url": "https://usn.ubuntu.com/728-3/", "reference_id": "USN-728-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/728-3/" }, { "reference_url": "https://usn.ubuntu.com/741-1/", "reference_id": "USN-741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzj8-31mb-ebf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2667?format=api", "vulnerability_id": "VCID-s1mt-2tfz-skfw", "summary": "Paul Nel reported that certain HTTP directives to\nnot cache web pages, Cache-Control: no-store and Cache-Control:\nno-cache for HTTPS pages, were being ignored by Firefox 3. On a\nshared system, applications relying upon these HTTP directives could\npotentially expose private data. 
Another user on the system could use\nthis vulnerability to view improperly cached pages containing private\ndata by navigating the browser back. Firefox 2 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40971", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0358" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483150", "reference_id": "483150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358", "reference_id": "CVE-2009-0358", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-06", "reference_id": "mfsa2009-06", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0358" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1mt-2tfz-skfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2864?format=api", "vulnerability_id": "VCID-s1nm-cdq2-nqec", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83259", "scoring_system": "epss", "scoring_elements": "0.99284", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658", "reference_id": "700658", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065", "reference_id": "CVE-2011-0065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", 
"reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": 
"USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1nm-cdq2-nqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2861?format=api", "vulnerability_id": "VCID-s27c-6ahy-gbgd", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. 
This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer. Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87676", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0083" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581", "reference_id": "714581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083", "reference_id": "CVE-2011-0083", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0083" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s27c-6ahy-gbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2392?format=api", "vulnerability_id": "VCID-s4v8-msj6-j3dw", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute\ncan be accessed under certain circumstances because of a premature notification\nof AttributeChildRemoved. 
This use-after-free of the child nodes could possibly\nallow for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72536", "scoring_system": "epss", "scoring_elements": "0.98791", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3659" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=786258", "reference_id": "786258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786258" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659", "reference_id": "CVE-2011-3659", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb", "reference_id": "CVE-2011-3659;OSVDB-78736", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb" }, { "reference_url": "http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413", "reference_id": "CVE-2011-3659;OSVDB-78736", "reference_type": "exploit", "scores": [], "url": "http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04", "reference_id": "mfsa2012-04", "reference_type": "", "scores": [ { "value": 
"critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3659" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4v8-msj6-j3dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2660?format=api", "vulnerability_id": "VCID-s4x4-jhdq-efan", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02802", "scoring_system": "epss", "scoring_elements": "0.86364", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1303" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253", "reference_id": "496253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303", "reference_id": "CVE-2009-1303", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1303" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4x4-jhdq-efan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2475?format=api", "vulnerability_id": "VCID-s6mw-fa6n-wyeh", "summary": "Security researcher Luke Bryan reported that file:\nURIs are given chrome privileges when opened in the same tab as 
a\nchrome page or privileged about: page. This vulnerability could be\nused by an attacker to run arbitrary JavaScript with chrome\nprivileges. The severity of this issue was determined to be moderate\nas it requires an attacker to have malicious code saved locally, then\nhave a user open a chrome: document or privileged about: URI, and then\nopen the malicious file in the same privileged tab. Firefox 2 is not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05714", "scoring_system": "epss", "scoring_elements": "0.90557", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5015" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470876", "reference_id": "470876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015", "reference_id": "CVE-2008-5015", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-51", "reference_id": "mfsa2008-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", 
"reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5015" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6mw-fa6n-wyeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2347?format=api", "vulnerability_id": "VCID-s9rz-eera-tbhz", "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. 
All three\nof these issues are potentially exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06784", "scoring_system": "epss", "scoring_elements": "0.9145", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1947" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843", "reference_id": "827843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947", "reference_id": "CVE-2012-1947", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40", "reference_id": "mfsa2012-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": 
"https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1947" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rz-eera-tbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2366?format=api", "vulnerability_id": "VCID-sf66-zf27-cugn", "summary": "Mozilla developer Tim Abraldes reported that when encoding\nimages as image/vnd.microsoft.icon the resulting data was always a\nfixed size, with uninitialized memory appended as padding beyond the size of the\nactual image. This is the result of mImageBufferSize in the encoder being\ninitialized with a value different than the size of the source image. There is\nthe possibility of sensitive data from uninitialized memory being appended to a\nPNG image when converted from an ICO format image. 
This sensitive data may then\nbe disclosed in the resulting image.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69773", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447", "reference_id": "CVE-2012-0447", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06", "reference_id": "mfsa2012-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06" }, { "reference_url": "https://usn.ubuntu.com/1355-1/", "reference_id": "USN-1355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1355-1/" }, { "reference_url": "https://usn.ubuntu.com/1369-1/", "reference_id": "USN-1369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1369-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0447" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-sf66-zf27-cugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2187?format=api", "vulnerability_id": "VCID-sgvb-u7qc-57bx", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that the implementation of XUL\n<tree>'s content view contains a dangling pointer vulnerability.\nOne of the content view's methods for accessing the internal structure\nof the tree could be manipulated into removing a node prior to\naccessing it, resulting in the accessing of deleted memory. If an\nattacker can control the contents of the deleted memory prior to its\naccess they could use this vulnerability to run arbitrary code on a\nvictim's machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05398", "scoring_system": "epss", "scoring_elements": "0.90265", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630067", "reference_id": "630067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630067" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167", "reference_id": "CVE-2010-3167", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56", "reference_id": "mfsa2010-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgvb-u7qc-57bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2122?format=api", "vulnerability_id": "VCID-sh8a-1d68-mudt", "summary": "Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be 
accessed by browser chrome for use in styling\nthe user interface. A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62457", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694", "reference_id": "576694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169", "reference_id": "CVE-2010-0169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14", "reference_id": "mfsa2010-14", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0113", "reference_id": 
"RHSA-2010:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh8a-1d68-mudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2220?format=api", "vulnerability_id": "VCID-shxn-m14n-7far", "summary": "Security researcher Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04549", "scoring_system": "epss", "scoring_elements": "0.89357", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3972" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=851924", "reference_id": "851924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972", "reference_id": "CVE-2012-3972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65", "reference_id": "mfsa2012-65", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3972" ], "risk_score": null, 
"exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shxn-m14n-7far" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2132?format=api", "vulnerability_id": "VCID-snem-pp9z-aqb9", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04467", "scoring_system": "epss", "scoring_elements": "0.89262", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2760" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630062", "reference_id": "630062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760", "reference_id": "CVE-2010-2760", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2760" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snem-pp9z-aqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2207?format=api", "vulnerability_id": "VCID-sq7j-me19-fyey", "summary": "Security researchers Yosuke Hasegawa\nand Masatoshi Kimura reported that the x-mac-arabic,\nx-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS\nattacks due to some characters being converted to angle brackets when\ndisplayed by the rendering engine. 
Sites using these character\nencodings would thus be potentially vulnerable to script injection\nattacks if their script filtering code fails to strip out these\nspecific characters.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08052", "scoring_system": "epss", "scoring_elements": "0.92248", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3770" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660439", "reference_id": "660439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770", "reference_id": "CVE-2010-3770", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt", "reference_id": "CVE-2010-3770;OSVDB-69772", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt" }, { "reference_url": "https://www.securityfocus.com/bid/45353/info", "reference_id": "CVE-2010-3770;OSVDB-69772", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/45353/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-84", "reference_id": "mfsa2010-84", 
"reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-84" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3770" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7j-me19-fyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71780?format=api", "vulnerability_id": "VCID-ssk9-b2p3-b3ev", "summary": "Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57393", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2605" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2605" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk9-b2p3-b3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2351?format=api", "vulnerability_id": "VCID-stqg-mham-5bbj", "summary": "Security researcher Mario Heiderich reported that javascript\ncould be executed in the HTML feed-view using <embed> tag\nwithin the RSS <description>. This problem is due to\n<embed> tags not being filtered out during parsing and can\nlead to a potential cross-site scripting (XSS) attack. 
The flaw existed in a\nparser utility class and could affect other parts of the browser or add-ons\nwhich rely on that class to sanitize untrusted input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00998", "scoring_system": "epss", "scoring_elements": "0.77266", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208", "reference_id": "840208", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840208" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957", "reference_id": "CVE-2012-1957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47", "reference_id": "mfsa2012-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1088", "reference_id": "RHSA-2012:1088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1089", "reference_id": "RHSA-2012:1089", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:1089" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1957" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stqg-mham-5bbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2625?format=api", "vulnerability_id": "VCID-sw5m-vvtd-tfb6", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07076", "scoring_system": "epss", "scoring_elements": "0.91643", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662", "reference_id": "CVE-2009-2662", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45", "reference_id": "mfsa2009-45", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2662" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw5m-vvtd-tfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2443?format=api", "vulnerability_id": "VCID-swze-ac2f-43bp", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can 
pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2. Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects. moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object. These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07556", "scoring_system": "epss", "scoring_elements": "0.91948", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4059" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463192", "reference_id": "463192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463192" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059", "reference_id": "CVE-2008-4059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41", "reference_id": "mfsa2008-41", 
"reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4059" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swze-ac2f-43bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2423?format=api", "vulnerability_id": "VCID-szd6-wdgm-rqhb", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. 
Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3. David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03898", "scoring_system": "epss", "scoring_elements": "0.88471", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463199", "reference_id": "463199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061", "reference_id": "CVE-2008-4061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": "RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szd6-wdgm-rqhb" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2328?format=api", "vulnerability_id": "VCID-t4u8-8ysj-tbhh", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964", "reference_id": "CVE-2012-3964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3964" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4u8-8ysj-tbhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2126?format=api", "vulnerability_id": "VCID-t4vh-sf1x-d3dj", "summary": "OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng. A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. 
This could result in the\nexecution of attacker-controlled memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14816", "scoring_system": "epss", "scoring_elements": "0.94616", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238", "reference_id": "608238", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c", "reference_id": "CVE-2010-1205", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1205" }, { "reference_url": "https://security.gentoo.org/glsa/201010-01", "reference_id": "GLSA-201010-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201010-01" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", 
"reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41", "reference_id": "mfsa2010-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0534", "reference_id": "RHSA-2010:0534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" }, { "reference_url": "https://usn.ubuntu.com/960-1/", "reference_id": "USN-960-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/960-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4vh-sf1x-d3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2431?format=api", "vulnerability_id": "VCID-t82b-wx66-hbbx", "summary": "Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. 
Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06165", "scoring_system": "epss", "scoring_elements": "0.90963", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476266", "reference_id": "476266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500", "reference_id": "CVE-2008-5500", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60", "reference_id": "mfsa2008-60", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-60" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": 
"RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5500" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t82b-wx66-hbbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=api", "vulnerability_id": "VCID-t8xj-n8m2-kbfg", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02146", "scoring_system": "epss", "scoring_elements": "0.84505", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851908", "reference_id": "851908", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851908" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971", "reference_id": "CVE-2012-1971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8xj-n8m2-kbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2782?format=api", "vulnerability_id": "VCID-t8xs-9akz-5yfg", "summary": "Security researcher Jordi Chancel reported a crash\non multipart/x-mixed-replace images due to memory\ncorruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05899", "scoring_system": "epss", "scoring_elements": "0.90738", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2377" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714929", "reference_id": "714929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377", "reference_id": "CVE-2011-2377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377" }, { 
"reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21", "reference_id": "mfsa2011-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8xs-9akz-5yfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2618?format=api", "vulnerability_id": "VCID-tcfs-yn97-zfhw", "summary": "Mozilla security researcher Jesse Ruderman reported\nthat when security modules were added or removed\nvia pkcs11.addmodule or pkcs11.deletemodule,\nthe resulting dialog was not sufficiently informative. Without\nsufficient warning, an attacker could entice a victim to install a\nmalicious PKCS11 module and affect the cryptographic integrity of the\nvictim's browser. Security researcher Dan Kaminsky reported that\nthis issue had not been fixed in Firefox 3.0 and that under certain\ncircumstances pkcs11 modules could be installed from a\nremote location. Firefox 3.5 releases are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17599", "scoring_system": "epss", "scoring_elements": "0.95204", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3076" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692", "reference_id": "521692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076", "reference_id": "CVE-2009-3076", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt", "reference_id": "CVE-2009-3076;OSVDB-57977", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48", "reference_id": "mfsa2009-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-48" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1430", "reference_id": "RHSA-2009:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1431", "reference_id": "RHSA-2009:1431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0153", "reference_id": "RHSA-2010:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0154", "reference_id": "RHSA-2010:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0154" }, { "reference_url": "https://usn.ubuntu.com/821-1/", "reference_id": "USN-821-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/821-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcfs-yn97-zfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2808?format=api", "vulnerability_id": "VCID-td4n-bv4d-jqfn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10043", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987", "reference_id": "CVE-2011-2987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2987" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-td4n-bv4d-jqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2795?format=api", "vulnerability_id": "VCID-tguh-s9wb-buey", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03206", "scoring_system": "epss", "scoring_elements": "0.87232", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675082", "reference_id": "675082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053", "reference_id": "CVE-2011-0053", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0311", "reference_id": "RHSA-2011:0311", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0312", "reference_id": "RHSA-2011:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0313", "reference_id": "RHSA-2011:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0313" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1050-1/", "reference_id": "USN-1050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1050-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0053" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tguh-s9wb-buey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2586?format=api", "vulnerability_id": "VCID-trw6-z25m-nucy", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na vulnerability which allows scripts from page content to run with\nelevated privileges. 
Using this vulnerability, an attacker could\ncause a chrome privileged object, such as the browser sidebar or the\nFeedWriter, to interact with web content in such a way that attacker\ncontrolled code may be executed with the object's chrome\nprivileges. Thunderbird supports neither the sidebar nor\nBrowserFeedWriter objects and is not vulnerable in its default\nconfiguration. Thunderbird might be vulnerable if the user has installed\nany add-on which adds a similarly implemented feature and then enables\nJavaScript in mail messages. This is not the default setting and we\nstrongly discourage users from running JavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04241", "scoring_system": "epss", "scoring_elements": "0.88957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583", "reference_id": "503583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841", "reference_id": "CVE-2009-1841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32", "reference_id": "mfsa2009-32", "reference_type": "", "scores": [ { "value": "critical", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trw6-z25m-nucy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=api", "vulnerability_id": "VCID-ttpz-dknd-2qey", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0757", "scoring_system": "epss", "scoring_elements": "0.91957", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173", "reference_id": "CVE-2010-0173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0173" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttpz-dknd-2qey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2837?format=api", 
"vulnerability_id": "VCID-tw6y-cy6t-x7by", "summary": "Claus Wahlers reported that random images from GPU memory\nwere showing up in WebGL textures. Once incorporated into the WebGL graphics it\nis possible for a site to programmatically read the image data and potentially\ngain sensitive data from other things that had been displayed earlier. This\nproblem is due to a bug in the driver for Intel integrated GPUs on recent\nMac OS X hardware, and the problem can be seen in WebGL implementations from\nother vendors. Mozilla has implemented a work-around to prevent this from\nhappening with this hardware-driver combination.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46386", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653", "reference_id": "CVE-2011-3653", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-51", "reference_id": "mfsa2011-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], 
"aliases": [ "CVE-2011-3653" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6y-cy6t-x7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2357?format=api", "vulnerability_id": "VCID-u2ea-zsxx-6khx", "summary": "Security researcher Daniel Divricean reported that a defect\nin the error handling of javascript errors can leak the file names and location\nof javascript files on a server, leading to inadvertent information disclosure\nand a vector for further attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00891", "scoring_system": "epss", "scoring_elements": "0.75863", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187", "reference_id": "815187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187", "reference_id": "CVE-2011-1187", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32", "reference_id": "mfsa2012-32", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32" }, { "reference_url": "https://usn.ubuntu.com/1430-1/", "reference_id": "USN-1430-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-1/" }, { "reference_url": "https://usn.ubuntu.com/1430-3/", "reference_id": "USN-1430-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1430-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-1187" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2ea-zsxx-6khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88962?format=api", "vulnerability_id": "VCID-u636-v3x8-6fft", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62117", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3866" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3866" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u636-v3x8-6fft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2659?format=api", "vulnerability_id": "VCID-u714-aeta-j7by", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04391", "scoring_system": "epss", "scoring_elements": "0.89158", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496252", "reference_id": "496252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496252" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302", "reference_id": "CVE-2009-1302", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14", "reference_id": "mfsa2009-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1302" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u714-aeta-j7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2288?format=api", "vulnerability_id": "VCID-u7um-16ay-eqhd", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series of critically rated use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. 
We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01433", "scoring_system": "epss", "scoring_elements": "0.80987", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635", "reference_id": "877635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833", "reference_id": "CVE-2012-5833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": 
"RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": "RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-5833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7um-16ay-eqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2394?format=api", "vulnerability_id": "VCID-u829-rqhq-afdu", "summary": "Security researcher Colby Russell discovered that eval in\nthe web console can execute injected code with chrome privileges, leading to the\nrunning of malicious code in a privileged context. 
This allows for arbitrary\ncode execution through a malicious web page if the web console is invoked by the\nuser.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02199", "scoring_system": "epss", "scoring_elements": "0.84686", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3980" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851939", "reference_id": "851939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851939" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980", "reference_id": "CVE-2012-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72", "reference_id": "mfsa2012-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u829-rqhq-afdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2472?format=api", "vulnerability_id": "VCID-uesh-b969-pfa6", "summary": "Mozilla developer Jesse Ruderman demonstrated that\nby tampering with the window.__proto__.__proto__ object,\none can cause the browser to place a lock on a non-native object,\nleading to a crash. Although we have not demonstrated such control, a\ndetermined attacker might be able to exploit this crash to run\narbitrary code on a victim's computer. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25205", "scoring_system": "epss", "scoring_elements": "0.96286", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5014" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470873", "reference_id": "470873", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014", "reference_id": "CVE-2008-5014", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50", "reference_id": "mfsa2008-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0976", "reference_id": "RHSA-2008:0976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" }, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" }, { "reference_url": "https://usn.ubuntu.com/668-1/", "reference_id": "USN-668-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/668-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5014" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uesh-b969-pfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2829?format=api", "vulnerability_id": "VCID-ugzh-a5w2-cbee", "summary": "Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. 
(This variant\ndid not affect Firefox 3.6)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42028", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001", "reference_id": "CVE-2011-3001", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40", "reference_id": "mfsa2011-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-40" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3001" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugzh-a5w2-cbee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2176?format=api", "vulnerability_id": "VCID-um8y-xkv9-zya9", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine 
used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03201", "scoring_system": "epss", "scoring_elements": "0.8722", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174", "reference_id": "CVE-2010-3174", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64", "reference_id": "mfsa2010-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3174" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-um8y-xkv9-zya9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2216?format=api", "vulnerability_id": "VCID-umhg-zxkd-bkh5", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat 
the wrapper class XPCSafeJSObjectWrapper (SJOW) on\nthe Mozilla 1.9.1 development branch has a logical error in its\nscripted function implementation that allows the caller to run the\nfunction within the context of another site. This is a violation of\nthe same-origin policy and could be used to mount an XSS attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67447", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763", "reference_id": "CVE-2010-2763", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60", "reference_id": "mfsa2010-60", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2763" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-umhg-zxkd-bkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2860?format=api", "vulnerability_id": "VCID-ut68-z785-9kaw", "summary": "Security researchers Chris Rohlf and Yan\nIvnitskiy of Matasano Security reported that when a\nJavaScript Array object had its length set to an\nextremely large value, the iteration of array elements that occurs\nwhen its reduceRight method was subsequently called could\nresult in the execution of attacker controlled memory due to an\ninvalid index value being used to access element properties.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86212", "scoring_system": "epss", "scoring_elements": "0.99414", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714580", "reference_id": "714580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371", "reference_id": "CVE-2011-2371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html", "reference_id": "CVE-2011-2371;OSVDB-73184", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22", "reference_id": "mfsa2011-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2371" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ut68-z785-9kaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2146?format=api", "vulnerability_id": "VCID-uzx7-1bns-h7cx", "summary": "Security researcher Orlando Barrera II of SecTheory reported,\nvia TippingPoint's Zero Day Initiative, that Mozilla's implementation\nof Web Workers contained an error in its handling of array data types\nwhen processing posted messages. 
This error could be used by an\nattacker to corrupt heap memory and crash the browser, potentially\nrunning arbitrary code on a victim's computer. Web Workers were introduced in Firefox 3.5; Firefox 3.0\nand earlier versions were not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05179", "scoring_system": "epss", "scoring_elements": "0.9005", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566049", "reference_id": "566049", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160", "reference_id": "CVE-2010-0160", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02", "reference_id": "mfsa2010-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", 
"reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0160" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uzx7-1bns-h7cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2617?format=api", "vulnerability_id": "VCID-vae5-ym3t-3fd1", "summary": "Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser. 
This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11615", "scoring_system": "epss", "scoring_elements": "0.93768", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3373" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530156", "reference_id": "530156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373", "reference_id": "CVE-2009-3373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt", "reference_id": "CVE-2009-3373;OSVDB-59393", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt" }, { "reference_url": "https://www.securityfocus.com/bid/36855/info", "reference_id": "CVE-2009-3373;OSVDB-59393", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/36855/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56", "reference_id": "mfsa2009-56", "reference_type": "", "scores": [ { "value": 
"critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vae5-ym3t-3fd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2424?format=api", "vulnerability_id": "VCID-vc3j-t6ae-yqf9", "summary": "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code. This vulnerability only affected Firefox 3. David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. 
Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0291", "scoring_system": "epss", "scoring_elements": "0.86609", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463201", "reference_id": "463201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463201" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062", "reference_id": "CVE-2008-4062", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42", "reference_id": "mfsa2008-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0879", "reference_id": "RHSA-2008:0879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0882", "reference_id": 
"RHSA-2008:0882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4062" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vc3j-t6ae-yqf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2123?format=api", "vulnerability_id": "VCID-vcz4-mpqz-k7dn", "summary": "Mozilla developer Blake Kaplan reported that the\nwrapper class XPCSafeJSObjectWrapper (SJOW), a security\nwrapper that allows content-defined objects to be safely accessed by\nprivileged code, creates scope chains ending in outer objects. 
Users\nof SJOWs which expect the scope chain to end on an inner object may be\nhanded a chrome privileged object which could be leveraged to run\narbitrary JavaScript with chrome privileges. Michal Zalewski's recent contributions helped to\nidentify this architectural weakness.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82821", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2762" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071", "reference_id": "630071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762", "reference_id": "CVE-2010-2762", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-59", "reference_id": "mfsa2010-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-59" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": 
"https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2762" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcz4-mpqz-k7dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2162?format=api", "vulnerability_id": "VCID-vekg-epcv-cqgd", "summary": "Security researcher Hidetake Jo of Microsoft\nVulnerability Research reported that the properties set on an object\npassed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. 
This is a violation of the same-origin policy and could\nresult in a website running untrusted JavaScript if it assumed\nthe dialogArguments could not be initialized by another\nsite. An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60859", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3988" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566051", "reference_id": "566051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988", "reference_id": "CVE-2009-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04", "reference_id": "mfsa2010-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, 
{ "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vekg-epcv-cqgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2880?format=api", "vulnerability_id": "VCID-vjbh-dhuh-cyaj", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal memory mapping of non-local JS\nvariables contained a buffer overflow which could potentially be used\nby an attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09158", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=675091", "reference_id": "675091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=675091" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054", "reference_id": "CVE-2011-0054", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04", "reference_id": "mfsa2011-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0310", "reference_id": "RHSA-2011:0310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0310" }, { "reference_url": "https://usn.ubuntu.com/1049-1/", "reference_id": "USN-1049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1049-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0054" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjbh-dhuh-cyaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2385?format=api", "vulnerability_id": "VCID-vk71-ur84-2kgz", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other 
Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04347", "scoring_system": "epss", "scoring_elements": "0.89101", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0463" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463", "reference_id": "CVE-2012-0463", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0463" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vk71-ur84-2kgz" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/2849?format=api", "vulnerability_id": "VCID-vnmm-3sby-y7hk", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04023", "scoring_system": "epss", "scoring_elements": "0.88663", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2374" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576", "reference_id": "714576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374", "reference_id": "CVE-2011-2374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" }, { "reference_url": "https://usn.ubuntu.com/1157-1/", "reference_id": "USN-1157-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1157-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnmm-3sby-y7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2327?format=api", "vulnerability_id": "VCID-vnu6-2tzh-5kab", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a 
series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85041", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963", "reference_id": "CVE-2012-3963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnu6-2tzh-5kab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2819?format=api", "vulnerability_id": "VCID-vqng-ra2r-y3db", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01336", "scoring_system": "epss", "scoring_elements": "0.80292", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2981" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730520", "reference_id": "730520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981", "reference_id": "CVE-2011-2981", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2981" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqng-ra2r-y3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2263?format=api", 
"vulnerability_id": "VCID-vr3a-xs8t-4qap", "summary": "Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05225", "scoring_system": "epss", "scoring_elements": "0.90093", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626", "reference_id": "863626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185", "reference_id": "CVE-2012-4185", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86", "reference_id": "mfsa2012-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-86" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:1350", "reference_id": "RHSA-2012:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1351", "reference_id": "RHSA-2012:1351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1351" }, { "reference_url": "https://usn.ubuntu.com/1600-1/", "reference_id": "USN-1600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1600-1/" }, { "reference_url": "https://usn.ubuntu.com/1611-1/", "reference_id": "USN-1611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1611-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4185" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vr3a-xs8t-4qap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2869?format=api", "vulnerability_id": "VCID-vt1n-t5vm-67cc", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.86032", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=741902", "reference_id": "741902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995", "reference_id": "CVE-2011-2995", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1341", "reference_id": 
"RHSA-2011:1341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1342", "reference_id": "RHSA-2011:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1342" }, { "reference_url": "https://usn.ubuntu.com/1210-1/", "reference_id": "USN-1210-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1210-1/" }, { "reference_url": "https://usn.ubuntu.com/1213-1/", "reference_id": "USN-1213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1213-1/" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vt1n-t5vm-67cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2211?format=api", "vulnerability_id": "VCID-vugt-cer6-sfhd", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. 
Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04617", "scoring_system": "epss", "scoring_elements": "0.89429", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=660431", "reference_id": "660431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660431" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767", "reference_id": "CVE-2010-3767", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-81", "reference_id": "mfsa2010-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-81" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0966", "reference_id": "RHSA-2010:0966", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0967", "reference_id": "RHSA-2010:0967", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0968", "reference_id": "RHSA-2010:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0968" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3767" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vugt-cer6-sfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2384?format=api", "vulnerability_id": "VCID-vuq7-9gsu-sbfc", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01568", "scoring_system": "epss", "scoring_elements": "0.81827", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109", "reference_id": "803109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464", "reference_id": "CVE-2012-0464", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19", "reference_id": "mfsa2012-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": 
"RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0464" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuq7-9gsu-sbfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2827?format=api", "vulnerability_id": "VCID-vzdc-6fne-5fck", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2983", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.00849", "scoring_system": "epss", "scoring_elements": "0.75168", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=730523", "reference_id": "730523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983", "reference_id": "CVE-2011-2983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30", "reference_id": "mfsa2011-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-30" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32", "reference_id": "mfsa2011-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1164", "reference_id": "RHSA-2011:1164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1165", "reference_id": "RHSA-2011:1165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1167", "reference_id": "RHSA-2011:1167", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:1167" }, { "reference_url": "https://usn.ubuntu.com/1184-1/", "reference_id": "USN-1184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1184-1/" }, { "reference_url": "https://usn.ubuntu.com/1185-1/", "reference_id": "USN-1185-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1185-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzdc-6fne-5fck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2320?format=api", "vulnerability_id": "VCID-wbbj-pv5p-nuaa", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02314", "scoring_system": "epss", "scoring_elements": "0.85041", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910", "reference_id": "851910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956", "reference_id": "CVE-2012-3956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" }, { "reference_url": 
"https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3956" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbj-pv5p-nuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2390?format=api", "vulnerability_id": "VCID-wesw-ctff-bfff", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03749", "scoring_system": "epss", "scoring_elements": "0.88218", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1949" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021281", "reference_id": "2021281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949", "reference_id": "CVE-2012-1949", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" }, { "reference_url": "https://usn.ubuntu.com/1509-1/", "reference_id": "USN-1509-1",
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1509-1/" }, { "reference_url": "https://usn.ubuntu.com/1510-1/", "reference_id": "USN-1510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-1949" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wesw-ctff-bfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2595?format=api", "vulnerability_id": "VCID-wk8j-jx5v-g7g3", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\na form input control's type could be changed during the restoration of a\nclosed tab. An attacker could set an input control's text value to the\npath of a local file whose location was known to the attacker. If the tab\nwas then closed and the victim persuaded to re-open it, upon restoring the\ntab the attacker could use this vulnerability to change the input type to\nfile. 
Scripts in the page could then automatically submit\nthe form and steal the contents of the user's local file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02431", "scoring_system": "epss", "scoring_elements": "0.85396", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0355" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483143", "reference_id": "483143", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355", "reference_id": "CVE-2009-0355", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-03", "reference_id": "mfsa2009-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0258", "reference_id": "RHSA-2009:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0258" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/717-2/", "reference_id": "USN-717-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0355" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wk8j-jx5v-g7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73919?format=api", "vulnerability_id": "VCID-wnhp-wmct-qyhh", "summary": "firefox: (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162", "reference_id": "530162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530162" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": 
"RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, { "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1563" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnhp-wmct-qyhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=api", "vulnerability_id": "VCID-wtyd-jcnh-2bhq", "summary": "Security researcher Dan Kaminsky reported an\ninteger overflow in the Theora video library. A video's dimensions\nwere being multiplied together and used in particular memory\nallocations. When the video dimensions were sufficiently large, the\nmultiplication could overflow a 32-bit integer resulting in too small\na memory buffer being allocated for the video. 
An attacker could use\na specially crafted video to write data past the bounds of this\nbuffer, causing a crash and potentially running arbitrary code on a\nvictim's computer. Mozilla intern David Keeler also independently\nreported this issue as well as an additional crash which was\ndetermined to be a denial-of-service. Video capabilities were added to the Mozilla browser engine\nin Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these\nproducts were not affected. These bugs were fixed upstream in Theora version 1.1\n(\"Thusnelda\") but the older version used in Firefox 3.5 needed this\npatch.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0553", "scoring_system": "epss", "scoring_elements": "0.90392", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=548541", "reference_id": "548541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=548541" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950", "reference_id": "572950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389", "reference_id": "CVE-2009-3389", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url":
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201312-04", "reference_id": "GLSA-201312-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67", "reference_id": "mfsa2009-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyd-jcnh-2bhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=api", "vulnerability_id": "VCID-wwk8-bpv8-zyhh", "summary": "Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables.Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable. 
If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23338", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642300", "reference_id": "642300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182", "reference_id": "CVE-2010-3182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-71", "reference_id": "mfsa2010-71", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-71" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0780", "reference_id": "RHSA-2010:0780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0780" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2010:0781", "reference_id": "RHSA-2010:0781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0782", "reference_id": "RHSA-2010:0782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0861", "reference_id": "RHSA-2010:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0896", "reference_id": "RHSA-2010:0896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0896" }, { "reference_url": "https://usn.ubuntu.com/997-1/", "reference_id": "USN-997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/997-1/" }, { "reference_url": "https://usn.ubuntu.com/998-1/", "reference_id": "USN-998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/998-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwk8-bpv8-zyhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2226?format=api", "vulnerability_id": "VCID-x444-96ea-pfc4", "summary": "Security researcher Mariusz Mlynski reported that an\nattacker able to convince a potential victim to set a new home page by dragging\na link to the \"home\" button can set that user's home page to a\njavascript: URL. 
Once this is done the attacker's page can cause\nrepeated crashes of the browser, eventually getting the script URL loaded in the\nprivileged about:sessionrestore context.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0458", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.8421", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0458" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803113", "reference_id": "803113", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458", "reference_id": "CVE-2012-0458", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-16", "reference_id": "mfsa2012-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0458" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x444-96ea-pfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71633?format=api", "vulnerability_id": "VCID-x6pd-2arc-gqdq", "summary": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03832", "scoring_system": "epss", "scoring_elements": "0.88348", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389" }, 
{ "reference_url": "https://curl.se/docs/CVE-2011-3389.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2011-3389.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "reference_id": "737506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "reference_url": "https://security.gentoo.org/glsa/201111-02", "reference_id": "GLSA-201111-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-02" }, { "reference_url": "https://security.gentoo.org/glsa/201203-02", "reference_id": "GLSA-201203-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-02" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1380", "reference_id": "RHSA-2011:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1380" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2011:1384", "reference_id": "RHSA-2011:1384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0006", "reference_id": "RHSA-2012:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0034", "reference_id": "RHSA-2012:0034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0343", "reference_id": "RHSA-2012:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0508", "reference_id": "RHSA-2012:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1455", "reference_id": "RHSA-2013:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1455" }, { "reference_url": "https://usn.ubuntu.com/1263-1/", "reference_id": "USN-1263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1263-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6pd-2arc-gqdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2873?format=api", "vulnerability_id": "VCID-x7qs-rmew-4qe3", "summary": "Mozilla security 
researcher David Chan reported\nthat cookies set for example.com. (note the trailing dot)\nand example.com were treated as interchangeable. This is\na violation of same-origin conventions and could potentially lead to\nleakage of cookie data to the wrong party. This issue did not affect Firefox 4, SeaMonkey 2.1, or newer\nMozilla-based products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01226", "scoring_system": "epss", "scoring_elements": "0.79438", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2362" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=714583", "reference_id": "714583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362", "reference_id": "CVE-2011-2362", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-24", "reference_id": "mfsa2011-24", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0885", "reference_id": "RHSA-2011:0885", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0886", "reference_id": "RHSA-2011:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0887", "reference_id": "RHSA-2011:0887", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0888", "reference_id": "RHSA-2011:0888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0888" }, { "reference_url": "https://usn.ubuntu.com/1149-1/", "reference_id": "USN-1149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1149-1/" }, { "reference_url": "https://usn.ubuntu.com/1150-1/", "reference_id": "USN-1150-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1150-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2362" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qs-rmew-4qe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=api", "vulnerability_id": "VCID-xe95-tcad-cyhu", "summary": "Mozilla security researcher Georgi Guninski reported\nthat the fix for an earlier vulnerability reported by Liu Die Yu using local\ninternet shortcut files to access other sites\n(MFSA 2008-47) could be bypassed\nby redirecting to a privileged about: URI such as\nabout:plugins.\nIf an attacker could get a victim to\ndownload two files, a malicious HTML file and a .desktop 
shortcut\nfile, they could have the HTML document load a privileged chrome document\nvia the shortcut and both documents would be treated as same origin.\nThis vulnerability could potentially be used by an attacker to inject\narbitrary code into the chrome document and execute with chrome\nprivileges. Because this attack has relatively high complexity, the\nseverity of this issue was determined to be moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76132", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0356" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483144", "reference_id": "483144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356", "reference_id": "CVE-2009-0356", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-04", "reference_id": "mfsa2009-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": 
"RHSA-2009:0256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0356" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xe95-tcad-cyhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2403?format=api", "vulnerability_id": "VCID-xh5q-bfkr-guep", "summary": "Security researcher Collin Jackson reported that\nthe -moz-binding CSS property can be used to bypass security checks\nwhich validate codebase principals. Similar to the issue reported\nin MFSA 2008-23, Jackson demonstrated\nthat an attacker can replace a stylesheet in a signed JAR which uses\nrelative paths, and can then use the -moz-binding property to inject\nmalicious script into the JAR. The injected script will be executed\nwith the privileges of the signed JAR. 
This vulnerability can thus\nallow an attacker to run arbitrary JavaScript within the context of\nanother site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1839", "scoring_system": "epss", "scoring_elements": "0.95341", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=470898", "reference_id": "470898", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023", "reference_id": "CVE-2008-5023", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-57", "reference_id": "mfsa2008-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0977", "reference_id": "RHSA-2008:0977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0978", "reference_id": "RHSA-2008:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0978" 
}, { "reference_url": "https://usn.ubuntu.com/667-1/", "reference_id": "USN-667-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/667-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xh5q-bfkr-guep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2334?format=api", "vulnerability_id": "VCID-xhfm-9dtr-63cj", "summary": "Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. 
This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07333", "scoring_system": "epss", "scoring_elements": "0.91811", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0457" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116", "reference_id": "803116", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457", "reference_id": "CVE-2012-0457", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14", "reference_id": "mfsa2012-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" 
}, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" }, { "reference_url": "https://usn.ubuntu.com/1401-1/", "reference_id": "USN-1401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-1/" }, { "reference_url": "https://usn.ubuntu.com/1401-2/", "reference_id": "USN-1401-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1401-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0457" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhfm-9dtr-63cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2147?format=api", "vulnerability_id": "VCID-xj7k-fek3-gbhh", "summary": "Mozilla developer Vladimir Vukicevic reported that\na canvas element can be used to read data from another site, violating\nthe same-origin policy. 
The read restriction placed on a canvas\nelement which has had cross-origin data rendered into it can be\nbypassed by retaining a reference to the canvas element's context and\ndeleting the associated canvas node from the DOM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1207", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62303", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1207" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615472", "reference_id": "615472", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207", "reference_id": "CVE-2010-1207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43", "reference_id": "mfsa2010-43", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", 
"reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj7k-fek3-gbhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2453?format=api", "vulnerability_id": "VCID-xt9w-ahy8-bfb6", "summary": "Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages. The error was caused by too small a heap buffer being allocated to store message header information. 
This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02832", "scoring_system": "epss", "scoring_elements": "0.86427", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=464041", "reference_id": "464041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=464041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070", "reference_id": "CVE-2008-4070", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-46", "reference_id": "mfsa2008-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0908", "reference_id": "RHSA-2008:0908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0908" }, { "reference_url": "https://usn.ubuntu.com/647-1/", "reference_id": "USN-647-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-4070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xt9w-ahy8-bfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2871?format=api", "vulnerability_id": "VCID-xtst-5kbr-fba9", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04198", "scoring_system": "epss", "scoring_elements": "0.88907", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997", "reference_id": "CVE-2011-2997", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36", "reference_id": "mfsa2011-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-36" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2997" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtst-5kbr-fba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2224?format=api", "vulnerability_id": "VCID-xvw5-jd6a-9ff3", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. 
The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01852", "scoring_system": "epss", "scoring_elements": "0.83329", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920", "reference_id": "851920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968", "reference_id": "CVE-2012-3968", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1210", "reference_id": "RHSA-2012:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1211", "reference_id": "RHSA-2012:1211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1211" 
}, { "reference_url": "https://usn.ubuntu.com/1548-1/", "reference_id": "USN-1548-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1548-1/" }, { "reference_url": "https://usn.ubuntu.com/1551-1/", "reference_id": "USN-1551-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1551-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-3968" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvw5-jd6a-9ff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=api", "vulnerability_id": "VCID-xwn1-qre7-k7cc", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not. Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. 
An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64461", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726", "reference_id": "546726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985", "reference_id": "CVE-2009-3985", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1674", "reference_id": "RHSA-2009:1674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1674" }, { "reference_url": "https://usn.ubuntu.com/873-1/", "reference_id": "USN-873-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/873-1/" }, { "reference_url": "https://usn.ubuntu.com/874-1/", "reference_id": "USN-874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwn1-qre7-k7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2215?format=api", "vulnerability_id": "VCID-xyfx-jjk2-3bff", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object. When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member. This could result in\nthe deletion of objects for which valid pointers still exist. 
An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06689", "scoring_system": "epss", "scoring_elements": "0.91381", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0177" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152", "reference_id": "578152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177", "reference_id": "CVE-2010-0177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19", "reference_id": "mfsa2010-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0333", "reference_id": "RHSA-2010:0333", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2010:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0177" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xyfx-jjk2-3bff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2214?format=api", "vulnerability_id": "VCID-y2ky-dg41-yqfe", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02028", "scoring_system": "epss", "scoring_elements": "0.84071", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615456", "reference_id": "615456", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212", "reference_id": "CVE-2010-1212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": 
[], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2ky-dg41-yqfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71053?format=api", "vulnerability_id": "VCID-y3by-ejzy-y7g4", "summary": "Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3101", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0174", "scoring_system": "epss", "scoring_elements": "0.82823", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3101" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829", "reference_id": "827829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827829" }, { "reference_url": "https://security.gentoo.org/glsa/201205-03", "reference_id": "GLSA-201205-03", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201205-03" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0710", "reference_id": "RHSA-2012:0710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0715", "reference_id": "RHSA-2012:0715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0715" }, { "reference_url": "https://usn.ubuntu.com/1463-1/", "reference_id": "USN-1463-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-1/" }, { "reference_url": "https://usn.ubuntu.com/1463-4/", "reference_id": "USN-1463-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-4/" }, { "reference_url": "https://usn.ubuntu.com/1463-6/", "reference_id": "USN-1463-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1463-6/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3101" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3by-ejzy-y7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2163?format=api", "vulnerability_id": "VCID-y5e5-wa84-j3bz", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03502", "scoring_system": "epss", "scoring_elements": "0.87812", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165", "reference_id": "CVE-2010-0165", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0165" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5e5-wa84-j3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2270?format=api", "vulnerability_id": "VCID-y5rs-pd7w-m3ce", "summary": "Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. 
Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4194", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80447", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4194" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893", "reference_id": "869893", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194", "reference_id": "CVE-2012-4194", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90", "reference_id": "mfsa2012-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1407", 
"reference_id": "RHSA-2012:1407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1413", "reference_id": "RHSA-2012:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1413" }, { "reference_url": "https://usn.ubuntu.com/1620-1/", "reference_id": "USN-1620-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-1/" }, { "reference_url": "https://usn.ubuntu.com/1620-2/", "reference_id": "USN-1620-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1620-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4194" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5rs-pd7w-m3ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=api", "vulnerability_id": "VCID-y6rz-xqjf-wfdn", "summary": "Security researcher Soroush Dalili reported that\npotentially sensitive URL parameters could be leaked across domains\nupon script errors when the script filename and line number is\nincluded in the error message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62303", "published_at": 
"2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488", "reference_id": "615488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754", "reference_id": "CVE-2010-2754", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47", "reference_id": "mfsa2010-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": 
"https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" }, { "reference_url": "https://usn.ubuntu.com/958-1/", "reference_id": "USN-958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2754" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6rz-xqjf-wfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2145?format=api", "vulnerability_id": "VCID-y6vr-xak2-5ufg", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05221", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816", "reference_id": "590816", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203", "reference_id": "CVE-2010-1203", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0500", "reference_id": "RHSA-2010:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0501", "reference_id": "RHSA-2010:0501", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0501" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6vr-xak2-5ufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2588?format=api", "vulnerability_id": "VCID-y8wr-ds4z-gfc2", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the owner document of an element can become null after garbage\ncollection. In such cases, event listeners may be executed within the\nwrong JavaScript context. An attacker could potentially use this\nvulnerability to have a malicious event handler execute arbitrary\nJavaScript with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. 
This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04629", "scoring_system": "epss", "scoring_elements": "0.89444", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580", "reference_id": "503580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838", "reference_id": "CVE-2009-1838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29", "reference_id": "mfsa2009-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1095", "reference_id": "RHSA-2009:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1096", "reference_id": "RHSA-2009:1096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1096" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2009:1125", "reference_id": "RHSA-2009:1125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1126", "reference_id": "RHSA-2009:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1126" }, { "reference_url": "https://usn.ubuntu.com/779-1/", "reference_id": "USN-779-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/779-1/" }, { "reference_url": "https://usn.ubuntu.com/782-1/", "reference_id": "USN-782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1838" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8wr-ds4z-gfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2606?format=api", "vulnerability_id": "VCID-ycjq-pc6z-b7d2", "summary": "IOActive security researcher Dan Kaminsky reported a\nmismatch in the treatment of domain names in SSL certificates between SSL\nclients and the Certificate Authorities (CA) which issue server certificates.\nIn particular, if a malicious person requested a certificate for a host name\nwith an invalid null character in it most CAs would issue the\ncertificate if the requester owned the domain specified after the null, while\nmost SSL clients (browsers) ignored that part of the name and used the\nunvalidated part in front of the null. 
This made it possible for attackers to\nobtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions. This vulnerability was independently reported to us by researcher\nMoxie Marlinspike who also noted that since Firefox\nrelies on SSL to protect the integrity of security updates this attack\ncould be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability\nResearch team for coordinating a multiple-vendor response to this problem.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01855", "scoring_system": "epss", "scoring_elements": "0.83342", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251", "reference_id": "510251", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934", "reference_id": "539934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408", "reference_id": "CVE-2009-2408", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], 
"url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-42", "reference_id": "mfsa2009-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1184", "reference_id": "RHSA-2009:1184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1186", "reference_id": "RHSA-2009:1186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1190", "reference_id": "RHSA-2009:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1207", "reference_id": "RHSA-2009:1207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1432", "reference_id": "RHSA-2009:1432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1432" }, { "reference_url": "https://usn.ubuntu.com/810-1/", "reference_id": "USN-810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycjq-pc6z-b7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2201?format=api", "vulnerability_id": "VCID-yd45-93fw-13df", "summary": "Mozilla security researcher Georgi Guninski\nreported that when a SVG document which is served\nwith Content-Type: application/octet-stream is embedded\ninto another document via an <embed> tag\nwith type=\"image/svg+xml\", the Content-Type is ignored\nand the SVG document is processed normally. A website which allows\narbitrary binary data to be uploaded but which relies\non Content-Type: application/octet-stream to prevent\nscript execution could have such protection bypassed. An attacker\ncould upload a SVG document containing JavaScript as a binary file to\na website, embed the SVG document into a malicious page on another\nsite, and gain access to the script environment from the SVG-serving\nsite, bypassing the same-origin policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78394", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566052", "reference_id": "566052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162", "reference_id": "CVE-2010-0162", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05", "reference_id": "mfsa2010-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0112", "reference_id": "RHSA-2010:0112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0112" }, { "reference_url": "https://usn.ubuntu.com/895-1/", "reference_id": "USN-895-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/895-1/" }, { "reference_url": "https://usn.ubuntu.com/896-1/", "reference_id": "USN-896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0162" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yd45-93fw-13df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2584?format=api", "vulnerability_id": "VCID-ye7n-9kgr-mqc9", "summary": "One of the security fixes in Firefox 3.0.9 introduced a\nregression that caused some users to experience frequent crashes.\nUsers of the HTML Validator add-on were particularly affected, but\nother users also experienced this crash in some situations.\nIn analyzing this crash we discovered that it was due to memory\ncorruption similar to cases that have been 
identified as security\nvulnerabilities in the past.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32166", "scoring_system": "epss", "scoring_elements": "0.96912", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1313" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=497447", "reference_id": "497447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=497447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313", "reference_id": "CVE-2009-1313", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html", "reference_id": "CVE-2009-1313;OSVDB-54174", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html" }, { "reference_url": "https://www.securityfocus.com/bid/34743/info", "reference_id": "CVE-2009-1313;OSVDB-54174", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/34743/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-23", "reference_id": "mfsa2009-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2009-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0449", "reference_id": "RHSA-2009:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0449" }, { "reference_url": "https://usn.ubuntu.com/765-1/", "reference_id": "USN-765-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/765-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1313" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye7n-9kgr-mqc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2798?format=api", "vulnerability_id": "VCID-yedg-weex-wqgh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06835", "scoring_system": "epss", "scoring_elements": "0.91482", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989", "reference_id": "CVE-2011-2989", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29", "reference_id": "mfsa2011-29", "reference_type": "", "scores": [ { "value": "critical", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-29" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31", "reference_id": "mfsa2011-31", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-31" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33", "reference_id": "mfsa2011-33", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-33" }, { "reference_url": "https://usn.ubuntu.com/1192-1/", "reference_id": "USN-1192-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1192-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-2989" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yedg-weex-wqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2605?format=api", "vulnerability_id": "VCID-yh2k-hmgj-c3h8", "summary": "Security researcher Gregory Fleischer reported\nthat text within a selection on a web page can be read by JavaScript\nin a different domain using the document.getSelection\nfunction, violating the same-origin policy. 
Since this vulnerability\nrequires user interaction to exploit, its severity was determined to\nbe moderate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64481", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=530167", "reference_id": "530167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375", "reference_id": "CVE-2009-3375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61", "reference_id": "mfsa2009-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1530", "reference_id": "RHSA-2009:1530", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1531", "reference_id": "RHSA-2009:1531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1531" }, 
{ "reference_url": "https://usn.ubuntu.com/853-1/", "reference_id": "USN-853-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/853-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh2k-hmgj-c3h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2137?format=api", "vulnerability_id": "VCID-yh3u-9dtq-4qeu", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. 
This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High. This vulnerability does not affect Firefox 3.6", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00723", "scoring_system": "epss", "scoring_elements": "0.72851", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578155", "reference_id": "578155", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179", "reference_id": "CVE-2010-0179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21", "reference_id": "mfsa2010-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url":
"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0332", "reference_id": "RHSA-2010:0332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0332" }, { "reference_url": "https://usn.ubuntu.com/920-1/", "reference_id": "USN-920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/920-1/" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh3u-9dtq-4qeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88959?format=api", "vulnerability_id": "VCID-yn1g-pbm8-mybp", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65544", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4508" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-4508" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn1g-pbm8-mybp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=api", "vulnerability_id": "VCID-yn2w-7p56-y7fe", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04587", "scoring_system": "epss", "scoring_elements": "0.89397", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=608108", "reference_id": "608108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608108" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201", "reference_id": "CVE-2010-1201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", 
"reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26", "reference_id": "mfsa2010-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-26" }, { "reference_url": "https://usn.ubuntu.com/930-1/", "reference_id": "USN-930-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-1/" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/943-1/", "reference_id": "USN-943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-1201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn2w-7p56-y7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2184?format=api", "vulnerability_id": "VCID-yrjj-qpxp-hfbv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code. Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05098", "scoring_system": "epss", "scoring_elements": "0.89965", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778", "reference_id": "CVE-2010-3778", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74", "reference_id": "mfsa2010-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-74" }, { "reference_url": "https://usn.ubuntu.com/1019-1/", "reference_id": "USN-1019-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1019-1/" }, { "reference_url": "https://usn.ubuntu.com/1020-1/", "reference_id": "USN-1020-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1020-1/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false,
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-3778" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjj-qpxp-hfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2639?format=api", "vulnerability_id": "VCID-ywsg-yvdy-wkb6", "summary": "Security researcher Attila Suszter reported that\nwhen a page contains a Flash object which presents a slow script\ndialog, and the page is navigated while the dialog is still visible to\nthe user, the Flash plugin is unloaded resulting in a crash due to a\ncall to the deleted object. This crash could potentially be used by\nan attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05189", "scoring_system": "epss", "scoring_elements": "0.9006", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=512137", "reference_id": "512137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467", "reference_id": "CVE-2009-2467", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-35", "reference_id": "mfsa2009-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1162", "reference_id": "RHSA-2009:1162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1162" }, { "reference_url": "https://usn.ubuntu.com/798-1/", "reference_id": "USN-798-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/798-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2467" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywsg-yvdy-wkb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2416?format=api", "vulnerability_id": "VCID-yy1m-2bvc-hbc1", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities in feedWriter which allow scripts from page\ncontent to run with chrome privileges.Firefox 3 is not affected by this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02943", "scoring_system": "epss", 
"scoring_elements": "0.86677", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=463188", "reference_id": "463188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=463188" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836", "reference_id": "CVE-2008-3836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-39", "reference_id": "mfsa2008-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-39" }, { "reference_url": "https://usn.ubuntu.com/645-1/", "reference_id": "USN-645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-1/" }, { "reference_url": "https://usn.ubuntu.com/645-2/", "reference_id": "USN-645-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/645-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-3836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy1m-2bvc-hbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2875?format=api", "vulnerability_id": 
"VCID-yy5w-b7b7-ybd1", "summary": "Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04425", "scoring_system": "epss", "scoring_elements": "0.89201", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651", "reference_id": "CVE-2011-3651", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48", "reference_id": "mfsa2011-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-48" }, { "reference_url": "https://usn.ubuntu.com/1277-1/", "reference_id": "USN-1277-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1277-1/" }, { "reference_url": "https://usn.ubuntu.com/1282-1/", "reference_id": "USN-1282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1282-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3651" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy5w-b7b7-ybd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2405?format=api", "vulnerability_id": "VCID-z5zp-5nv7-gkgp", "summary": "Kojima Hajime reported that unlike literal null\ncharacters which were handled correctly, the escaped form '\\0'\nwas ignored by the CSS parser and treated as if it was not present in\nthe CSS input string. This issue could potentially be used to bypass\nscript sanitization routines in web applications. The severity of\nthis issue was determined to be low.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01018", "scoring_system": "epss", "scoring_elements": "0.77489", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5510" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476283", "reference_id": "476283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510", "reference_id": "CVE-2008-5510", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510" }, { "reference_url": 
"https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-67", "reference_id": "mfsa2008-67", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-67" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/717-3/", "reference_id": "USN-717-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5510" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5zp-5nv7-gkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2172?format=api", "vulnerability_id": "VCID-z6en-1gzy-6ffc", "summary": "phpBB developer Henry Sudhof reported that 
when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched. This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images. This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181", "reference_id": "CVE-2010-0181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23", "reference_id": "mfsa2010-23", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23" }, { "reference_url": "https://usn.ubuntu.com/921-1/", "reference_id": "USN-921-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/921-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-0181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url":
"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6en-1gzy-6ffc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88955?format=api", "vulnerability_id": "VCID-z7p6-x5jx-97cr", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2061", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56818", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2061" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-2061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7p6-x5jx-97cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2646?format=api", "vulnerability_id": "VCID-zbug-3a8h-tfbv", "summary": "Developer and Mozilla community member Paolo\nAmadini reported that when saving the inner frame of a web\npage as a file when the outer page has POST data associated with it,\nthe POST data will be incorrectly sent to the URL of the inner frame.\nThis could potentially result in a user's sensitive data being sent to\na site for which it was not intended.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01175", "scoring_system": "epss", "scoring_elements": "0.79019", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=496271", "reference_id": "496271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311", "reference_id": "CVE-2009-1311", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-21", "reference_id": "mfsa2009-21", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0436", "reference_id": "RHSA-2009:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0437", "reference_id": "RHSA-2009:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0437" }, { "reference_url": "https://usn.ubuntu.com/764-1/", "reference_id": "USN-764-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/764-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-1311" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbug-3a8h-tfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88951?format=api", "vulnerability_id": "VCID-zdjb-aut8-rbeb", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox,\n Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n allow execution of arbitrary code or local privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.75084", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0367" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-0367" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdjb-aut8-rbeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2388?format=api", 
"vulnerability_id": "VCID-zee6-uc6n-4kck", "summary": "Security Researcher Mike Brooks of Sitewatch reported that\nif multiple Content Security Policy (CSP) headers are present on a page, they\nhave an additive effect page policy. Using carriage return line feed (CRLF)\ninjection, a new CSP rule can be introduced which allows for cross-site\nscripting (XSS) on sites with a separate header injection vulnerability.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43362", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=803114", "reference_id": "803114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451", "reference_id": "CVE-2012-0451", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-15", "reference_id": "mfsa2012-15", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-15" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2012:0387", "reference_id": "RHSA-2012:0387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0388", "reference_id": "RHSA-2012:0388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0388" }, { "reference_url": "https://usn.ubuntu.com/1400-1/", "reference_id": "USN-1400-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-1/" }, { "reference_url": "https://usn.ubuntu.com/1400-3/", "reference_id": "USN-1400-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1400-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-0451" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zee6-uc6n-4kck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2233?format=api", "vulnerability_id": "VCID-zejg-gepa-yqaf", "summary": "Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to \"top\". This can allow for possible cross-site scripting (XSS) attacks through plugins. 
\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84205", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632", "reference_id": "877632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209", "reference_id": "CVE-2012-4209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103", "reference_id": "mfsa2012-103", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1482", "reference_id": "RHSA-2012:1482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1483", "reference_id": 
"RHSA-2012:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1483" }, { "reference_url": "https://usn.ubuntu.com/1636-1/", "reference_id": "USN-1636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1636-1/" }, { "reference_url": "https://usn.ubuntu.com/1638-1/", "reference_id": "USN-1638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2012-4209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zejg-gepa-yqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2839?format=api", "vulnerability_id": "VCID-zey8-rnp8-7yh9", "summary": "David Rees reported that the JSSubScriptLoader (a\nfeature used by some add-ons) was \"unwrapping\" XPCNativeWrappers when they\nwere used as the scope parameter to loadSubScript(). Without\nthe protection of the wrappers the add-on could be vulnerable to privilege\nescalation attacks from malicious web content. Whether any given add-on\nwere vulnerable would depend on how the add-on used the feature\nand whether it interacted directly with web content, but we did find\nat least one vulnerable add-on and presume there are more.\nThe unwrapping behavior was a change introduced during Firefox 4\ndevelopment. 
Firefox 3.6 and earlier versions are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54651", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=751930", "reference_id": "751930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004", "reference_id": "CVE-2011-3004", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-43", "reference_id": "mfsa2011-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-43" }, { "reference_url": "https://usn.ubuntu.com/1222-1/", "reference_id": "USN-1222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3004" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zey8-rnp8-7yh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2350?format=api", "vulnerability_id": "VCID-zgcc-resp-k3h5", "summary": "For historical reasons Firefox has been generous in its interpretation of web\naddresses containing square brackets around the host. If this host was not a\nvalid IPv6 literal address, Firefox attempted to interpret the host as a regular\ndomain name. Gregory Fleischer reported that requests made\nusing IPv6 syntax using XMLHttpRequest objects through a proxy may generate\nerrors depending on proxy configuration for IPv6. The resulting error messages\nfrom the proxy may disclose sensitive data because Same-Origin Policy (SOP) will\nallow the XMLHttpRequest object to read these error messages, allowing user\nprivacy to be eroded. 
Firefox now enforces RFC 3986 IPv6 literal syntax and that\nmay break links written using the non-standard Firefox-only forms that were\npreviously accepted.\nThis was fixed previously for Firefox 7.0, Thunderbird 7.0, and\nSeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during\n2012.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00725", "scoring_system": "epss", "scoring_elements": "0.72882", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=785464", "reference_id": "785464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670", "reference_id": "CVE-2011-3670", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-02", "reference_id": "mfsa2012-02", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0079", "reference_id": "RHSA-2012:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0079" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2012:0080", "reference_id": "RHSA-2012:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0084", "reference_id": "RHSA-2012:0084", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0085", "reference_id": "RHSA-2012:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0085" }, { "reference_url": "https://usn.ubuntu.com/1350-1/", "reference_id": "USN-1350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1350-1/" }, { "reference_url": "https://usn.ubuntu.com/1353-1/", "reference_id": "USN-1353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1353-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-3670" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgcc-resp-k3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2439?format=api", "vulnerability_id": "VCID-zhdz-2jas-bbaj", "summary": "Google security researcher Chris Evans reported that a\nwebsite could access a limited amount of data from a different domain by\nloading a same-domain JavaScript URL which redirects to an off-domain\ntarget resource containing data\nwhich is not parsable as JavaScript. 
Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the file\ncontext via the window.onerror DOM API. This issue could be used by a malicious website to steal private data\nfrom users who are authenticated on the redirected website. How much\ndata could be at risk would depend on the format of the data and how\nthe JavaScript parser attempts to interpret it. For most files the\namount of data that can be recovered would be limited to the first\nword or two. Some data files might allow deeper probing with\nrepeated loads. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Update December 18, 2008: The Windows version of Firefox\n2.0.0.19 was shipped without the fix for this issue (other platforms\nwere correctly patched). Firefox 2.0.0.20 has been released on Windows\nto correct this oversight.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5507", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44096", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5507" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476280", "reference_id": "476280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507", "reference_id": "CVE-2008-5507", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-65", "reference_id": "mfsa2008-65", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1036", "reference_id": "RHSA-2008:1036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:1037", "reference_id": "RHSA-2008:1037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:1037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0002", "reference_id": "RHSA-2009:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0002" }, { "reference_url": "https://usn.ubuntu.com/690-1/", "reference_id": "USN-690-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-1/" }, { "reference_url": "https://usn.ubuntu.com/690-2/", "reference_id": "USN-690-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-2/" }, { "reference_url": "https://usn.ubuntu.com/690-3/", "reference_id": "USN-690-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/690-3/" }, { "reference_url": "https://usn.ubuntu.com/701-1/", "reference_id": "USN-701-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-1/" }, { "reference_url": "https://usn.ubuntu.com/701-2/", "reference_id": "USN-701-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/701-2/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2008-5507" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhdz-2jas-bbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=api", "vulnerability_id": "VCID-znvx-aqbr-2yck", "summary": "Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation. Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue. Firefox 3 does not contain the fix for this issue.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "reference_url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "reference_url": "http://blogs.iss.net/archive/sslmitmiscsrf.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "reference_url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "reference_url": "http://clicky.me/tlsvuln", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://clicky.me/tlsvuln" }, { "reference_url": "http://extendedsubset.com/?p=8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://extendedsubset.com/?p=8" }, { "reference_url": "http://extendedsubset.com/Renegotiating_TLS.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "reference_url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "reference_url": "http://kbase.redhat.com/faq/docs/DOC-20491", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "reference_url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "reference_url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, 
{ "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "reference_url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" }, { "reference_url": "http://marc.info/?l=cryptography&m=125752275331877&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://marc.info/?l=cryptography&m=125752275331877&w=2" }, { "reference_url": "http://openbsd.org/errata45.html#010_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "reference_url": "http://openbsd.org/errata46.html#004_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1579", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1580", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1580" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1694", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0164", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0337", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0338", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0339", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "https://access.redhat.com/errata/RHSA-2010:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0440", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0768", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0770", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0786", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0807", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0986", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0986" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2010:0987", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2011:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1591", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1591" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03741", "scoring_system": "epss", "scoring_elements": "0.88206", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "reference_url": "http://seclists.org/fulldisclosure/2009/Nov/139", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201203-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5" }, { "reference_url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d" }, { "reference_url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3" }, { "reference_url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701" }, { "reference_url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02" }, { "reference_url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3" }, { "reference_url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d" }, { "reference_url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366" }, { "reference_url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "reference_url": "https://kb.bluecoat.com/index?page=content&id=SA50", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://kb.bluecoat.com/index?page=content&id=SA50" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446" }, { "reference_url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://nginx.org/download/patch.cve-2009-3555.txt" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315" }, { "reference_url": 
"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535" }, { "reference_url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "reference_url": 
"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "reference_url": "https://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-5.html" }, { "reference_url": "https://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-6.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "reference_url": "http://support.apple.com/kb/HT4004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4004" }, { "reference_url": "http://support.apple.com/kb/HT4170", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4170" }, { "reference_url": "http://support.apple.com/kb/HT4171", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.apple.com/kb/HT4171" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100070150", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100081611", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114315", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114327", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "reference_url": "http://support.citrix.com/article/CTX123359", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.citrix.com/article/CTX123359" }, { "reference_url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "reference_url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "reference_url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "reference_url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "reference_url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "reference_url": "http://ubuntu.com/usn/usn-923-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "reference_url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only" }, { "reference_url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "reference_url": "http://www.betanews.com/article/1257452450", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.betanews.com/article/1257452450" }, { "reference_url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2141", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3253", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "reference_url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "reference_url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "reference_url": "http://www.ingate.com/Relnote.php?ver=481", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "reference_url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "reference_url": "http://www.kb.cert.org/vuls/id/120541", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "reference_url": "http://www.links.org/?p=780", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=780" }, { "reference_url": "http://www.links.org/?p=786", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=786" }, { "reference_url": "http://www.links.org/?p=789", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.links.org/?p=789" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": 
"Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "reference_url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "reference_url": "http://www.openssl.org/news/secadv_20091111.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2009/11/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/07/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/23/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060" }, { "reference_url": "http://www.opera.com/support/search/view/944", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/support/search/view/944" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "reference_url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { 
"reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "reference_url": 
"http://www.redhat.com/support/errata/RHSA-2010-0986.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "reference_url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "reference_url": "http://www.tombom.co.uk/blog/?p=85", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1010-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "reference_url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0032", "reference_id": "0032", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0032" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0033", "reference_id": "0033", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0033" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0086", "reference_id": "0086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0086" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0086", "reference_id": "0086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0086" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0173", "reference_id": "0173", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0173" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0748", "reference_id": "0748", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www.vupen.com/english/advisories/2010/0748" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0848", "reference_id": "0848", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0848" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0916", "reference_id": "0916", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0916" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0933", "reference_id": "0933", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0933" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0982", "reference_id": "0982", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0982" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0994", "reference_id": "0994", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/0994" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1054", "reference_id": "1054", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1054" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060/", "reference_id": "1060", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060/" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1191", "reference_id": "1191", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1191" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1350", "reference_id": "1350", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www.vupen.com/english/advisories/2010/1350" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1639", "reference_id": "1639", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1639" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1673", "reference_id": "1673", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1673" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1793", "reference_id": "1793", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/1793" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2010", "reference_id": "2010", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2010" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2745", "reference_id": "2745", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/2745" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3069", "reference_id": "3069", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3069" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3086", "reference_id": "3086", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3086" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3126", "reference_id": "3126", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3126" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3164", "reference_id": "3164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www.vupen.com/english/advisories/2009/3164" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3165", "reference_id": "3165", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3165" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3205", "reference_id": "3205", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3205" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3220", "reference_id": "3220", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3220" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3310", "reference_id": "3310", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3310" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3313", "reference_id": "3313", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3313" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3353", "reference_id": "3353", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3353" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3354", "reference_id": "3354", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3354" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3484", "reference_id": "3484", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3484" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3521", "reference_id": "3521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www.vupen.com/english/advisories/2009/3521" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3587", "reference_id": "3587", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.vupen.com/english/advisories/2009/3587" }, { "reference_url": "http://www.securityfocus.com/bid/36935", "reference_id": "36935", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/bid/36935" }, { "reference_url": "http://secunia.com/advisories/37291", "reference_id": "37291", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37291" }, { "reference_url": "http://secunia.com/advisories/37292", "reference_id": "37292", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37292" }, { "reference_url": "http://secunia.com/advisories/37320", "reference_id": "37320", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37320" }, { "reference_url": "http://secunia.com/advisories/37383", "reference_id": "37383", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37383" }, { "reference_url": "http://secunia.com/advisories/37399", "reference_id": "37399", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37399" }, { "reference_url": "http://secunia.com/advisories/37453", "reference_id": "37453", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37453" }, { "reference_url": "http://secunia.com/advisories/37501", "reference_id": "37501", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37501" }, { "reference_url": "http://secunia.com/advisories/37504", "reference_id": "37504", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37504" }, { "reference_url": "http://secunia.com/advisories/37604", "reference_id": "37604", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37604" }, { "reference_url": "http://secunia.com/advisories/37640", "reference_id": "37640", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37640" }, { "reference_url": "http://secunia.com/advisories/37656", "reference_id": "37656", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37656" }, { "reference_url": "http://secunia.com/advisories/37675", "reference_id": "37675", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37675" }, { "reference_url": "http://secunia.com/advisories/37859", "reference_id": "37859", "reference_type": "", "scores": 
[ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/37859" }, { "reference_url": "http://secunia.com/advisories/38003", "reference_id": "38003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38003" }, { "reference_url": "http://secunia.com/advisories/38020", "reference_id": "38020", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38020" }, { "reference_url": "http://secunia.com/advisories/38056", "reference_id": "38056", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38056" }, { "reference_url": "http://secunia.com/advisories/38241", "reference_id": "38241", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38241" }, { "reference_url": 
"http://secunia.com/advisories/38484", "reference_id": "38484", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38484" }, { "reference_url": "http://secunia.com/advisories/38687", "reference_id": "38687", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38687" }, { "reference_url": "http://secunia.com/advisories/38781", "reference_id": "38781", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/38781" }, { "reference_url": "http://secunia.com/advisories/39127", "reference_id": "39127", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39127" }, { "reference_url": "http://secunia.com/advisories/39136", "reference_id": "39136", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } 
], "url": "http://secunia.com/advisories/39136" }, { "reference_url": "http://secunia.com/advisories/39242", "reference_id": "39242", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39242" }, { "reference_url": "http://secunia.com/advisories/39243", "reference_id": "39243", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39243" }, { "reference_url": "http://secunia.com/advisories/39278", "reference_id": "39278", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39278" }, { "reference_url": "http://secunia.com/advisories/39292", "reference_id": "39292", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39292" }, { "reference_url": "http://secunia.com/advisories/39317", "reference_id": "39317", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39317" }, { "reference_url": "http://secunia.com/advisories/39461", "reference_id": "39461", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39461" }, { "reference_url": "http://secunia.com/advisories/39500", "reference_id": "39500", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39500" }, { "reference_url": "http://secunia.com/advisories/39628", "reference_id": "39628", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39628" }, { "reference_url": "http://secunia.com/advisories/39632", "reference_id": "39632", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39632" }, { "reference_url": "http://secunia.com/advisories/39713", "reference_id": "39713", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39713" }, { "reference_url": "http://secunia.com/advisories/39819", "reference_id": "39819", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/39819" }, { "reference_url": "http://secunia.com/advisories/40070", "reference_id": "40070", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40070" }, { "reference_url": "http://secunia.com/advisories/40545", "reference_id": "40545", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40545" }, { "reference_url": "http://secunia.com/advisories/40747", "reference_id": "40747", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40747" }, { "reference_url": "http://secunia.com/advisories/40866", "reference_id": "40866", "reference_type": "", "scores": 
[ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/40866" }, { "reference_url": "http://secunia.com/advisories/41480", "reference_id": "41480", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41480" }, { "reference_url": "http://secunia.com/advisories/41490", "reference_id": "41490", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41490" }, { "reference_url": "http://secunia.com/advisories/41818", "reference_id": "41818", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41818" }, { "reference_url": "http://secunia.com/advisories/41967", "reference_id": "41967", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41967" }, { "reference_url": 
"http://secunia.com/advisories/41972", "reference_id": "41972", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/41972" }, { "reference_url": "http://secunia.com/advisories/42377", "reference_id": "42377", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42377" }, { "reference_url": "http://secunia.com/advisories/42379", "reference_id": "42379", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42379" }, { "reference_url": "http://secunia.com/advisories/42467", "reference_id": "42467", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42467" }, { "reference_url": "http://secunia.com/advisories/42724", "reference_id": "42724", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } 
], "url": "http://secunia.com/advisories/42724" }, { "reference_url": "http://secunia.com/advisories/42733", "reference_id": "42733", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42733" }, { "reference_url": "http://secunia.com/advisories/42808", "reference_id": "42808", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42808" }, { "reference_url": "http://secunia.com/advisories/42811", "reference_id": "42811", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42811" }, { "reference_url": "http://secunia.com/advisories/42816", "reference_id": "42816", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/42816" }, { "reference_url": "http://secunia.com/advisories/43308", "reference_id": "43308", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/43308" }, { "reference_url": "http://secunia.com/advisories/44954", "reference_id": "44954", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/44954" }, { "reference_url": "http://secunia.com/advisories/48577", "reference_id": "48577", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://secunia.com/advisories/48577" }, { "reference_url": "http://www.securityfocus.com/archive/1/522176", "reference_id": "522176", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/522176" }, { "reference_url": "http://osvdb.org/60521", "reference_id": "60521", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/60521" }, { "reference_url": "http://osvdb.org/60972", "reference_id": "60972", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/60972" }, { "reference_url": "http://osvdb.org/62210", "reference_id": "62210", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/62210" }, { "reference_url": "http://osvdb.org/65202", "reference_id": "65202", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://osvdb.org/65202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649", "reference_id": "765649", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649" }, { "reference_url": "http://www.opera.com/support/search/view/944/", "reference_id": "944", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.opera.com/support/search/view/944/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "reference_id": "CVE-2009-3555", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py", "reference_id": 
"CVE-2009-3555", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35888/info", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35888/info" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E", "reference_id": "f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6", "reference_id": "GHSA-f7w7-6pjc-wwm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6" }, { "reference_url": "https://security.gentoo.org/glsa/200912-01", "reference_id": "GLSA-200912-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-01" }, { "reference_url": "https://security.gentoo.org/glsa/201006-18", "reference_id": "GLSA-201006-18", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201006-18" }, { "reference_url": "https://security.gentoo.org/glsa/201110-05", "reference_id": "GLSA-201110-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-05" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" }, { "reference_url": "https://security.gentoo.org/glsa/201206-18", "reference_id": "GLSA-201206-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-18" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201309-15", "reference_id": "GLSA-201309-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-15" }, { "reference_url": "https://security.gentoo.org/glsa/201311-13", "reference_id": "GLSA-201311-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-13" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "http://securitytracker.com/id?1023148", "reference_id": "id?1023148", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://securitytracker.com/id?1023148" }, { "reference_url": "http://www.securitytracker.com/id?1023163", "reference_id": "id?1023163", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023163" }, { "reference_url": "http://www.securitytracker.com/id?1023204", "reference_id": "id?1023204", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023204" }, { "reference_url": "http://www.securitytracker.com/id?1023205", "reference_id": "id?1023205", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023205" }, { "reference_url": "http://www.securitytracker.com/id?1023206", "reference_id": "id?1023206", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023206" }, { "reference_url": "http://www.securitytracker.com/id?1023207", "reference_id": "id?1023207", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023207" }, { "reference_url": 
"http://www.securitytracker.com/id?1023208", "reference_id": "id?1023208", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023208" }, { "reference_url": "http://www.securitytracker.com/id?1023209", "reference_id": "id?1023209", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023209" }, { "reference_url": "http://www.securitytracker.com/id?1023210", "reference_id": "id?1023210", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023210" }, { "reference_url": "http://www.securitytracker.com/id?1023211", "reference_id": "id?1023211", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023211" }, { "reference_url": "http://www.securitytracker.com/id?1023212", "reference_id": "id?1023212", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023212" }, { "reference_url": "http://www.securitytracker.com/id?1023213", "reference_id": "id?1023213", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023213" }, { "reference_url": "http://www.securitytracker.com/id?1023214", "reference_id": "id?1023214", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023214" }, { "reference_url": "http://www.securitytracker.com/id?1023215", "reference_id": "id?1023215", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023215" }, { "reference_url": "http://www.securitytracker.com/id?1023216", "reference_id": "id?1023216", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023216" }, { "reference_url": "http://www.securitytracker.com/id?1023217", "reference_id": "id?1023217", "reference_type": "", "scores": [ { 
"value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023217" }, { "reference_url": "http://www.securitytracker.com/id?1023218", "reference_id": "id?1023218", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023218" }, { "reference_url": "http://www.securitytracker.com/id?1023219", "reference_id": "id?1023219", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023219" }, { "reference_url": "http://www.securitytracker.com/id?1023224", "reference_id": "id?1023224", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023224" }, { "reference_url": "http://www.securitytracker.com/id?1023243", "reference_id": "id?1023243", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": 
"http://www.securitytracker.com/id?1023243" }, { "reference_url": "http://www.securitytracker.com/id?1023270", "reference_id": "id?1023270", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023270" }, { "reference_url": "http://www.securitytracker.com/id?1023271", "reference_id": "id?1023271", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023271" }, { "reference_url": "http://www.securitytracker.com/id?1023272", "reference_id": "id?1023272", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023272" }, { "reference_url": "http://www.securitytracker.com/id?1023273", "reference_id": "id?1023273", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023273" }, { "reference_url": "http://www.securitytracker.com/id?1023274", "reference_id": "id?1023274", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023274" }, { "reference_url": "http://www.securitytracker.com/id?1023275", "reference_id": "id?1023275", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023275" }, { "reference_url": "http://www.securitytracker.com/id?1023411", "reference_id": "id?1023411", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023411" }, { "reference_url": "http://www.securitytracker.com/id?1023426", "reference_id": "id?1023426", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023426" }, { "reference_url": "http://www.securitytracker.com/id?1023427", "reference_id": "id?1023427", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023427" }, { "reference_url": 
"http://www.securitytracker.com/id?1023428", "reference_id": "id?1023428", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1023428" }, { "reference_url": "http://www.securitytracker.com/id?1024789", "reference_id": "id?1024789", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securitytracker.com/id?1024789" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22", "reference_id": "mfsa2010-22", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A10088", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A11578", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A11617", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7315", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7478", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478" }, { "reference_url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A7973", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A8366", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535", "reference_id": "oval%3Aorg.mitre.oval%3Adef%3A8535", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535" }, { "reference_url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", "reference_id": 
"plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E", "reference_id": "re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/" } ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/1010-1/", "reference_id": "USN-1010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1010-1/" }, { "reference_url": "https://usn.ubuntu.com/860-1/", "reference_id": "USN-860-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/860-1/" }, { "reference_url": 
"https://usn.ubuntu.com/923-1/", "reference_id": "USN-923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/923-1/" }, { "reference_url": "https://usn.ubuntu.com/927-1/", "reference_id": "USN-927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-1/" }, { "reference_url": "https://usn.ubuntu.com/927-4/", "reference_id": "USN-927-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-4/" }, { "reference_url": "https://usn.ubuntu.com/927-6/", "reference_id": "USN-927-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-6/" }, { "reference_url": "https://usn.ubuntu.com/990-1/", "reference_id": "USN-990-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-1/" }, { "reference_url": "https://usn.ubuntu.com/990-2/", "reference_id": "USN-990-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-3555", "GHSA-f7w7-6pjc-wwm6", "VU#120541" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znvx-aqbr-2yck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2138?format=api", "vulnerability_id": "VCID-zp33-mbkb-aydv", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. 
This integer is later used in allocating a memory buffer used\nto store the plugin parameters. Under such conditions, too small a\nbuffer would be created and attacker-controlled data could be written\npast the end of the buffer, potentially resulting in code\nexecution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0734", "scoring_system": "epss", "scoring_elements": "0.91814", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1214" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462", "reference_id": "615462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=615462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214", "reference_id": "CVE-2010-1214", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py", "reference_id": "CVE-2010-1214", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt", "reference_id": "CVE-2010-1214;OSVDB-66594", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt" }, { "reference_url": "https://www.securityfocus.com/bid/41842/info", "reference_id": "CVE-2010-1214;OSVDB-66594", "reference_type": "exploit", 
"scores": [], "url": "https://www.securityfocus.com/bid/41842/info" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37", "reference_id": "mfsa2010-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0544", "reference_id": "RHSA-2010:0544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0545", "reference_id": "RHSA-2010:0545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0546", "reference_id": "RHSA-2010:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0547", "reference_id": "RHSA-2010:0547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0547" }, { "reference_url": "https://usn.ubuntu.com/930-4/", "reference_id": "USN-930-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/930-4/" }, { "reference_url": "https://usn.ubuntu.com/957-1/", "reference_id": "USN-957-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/957-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } 
], "aliases": [ "CVE-2010-1214" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zp33-mbkb-aydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2120?format=api", "vulnerability_id": "VCID-ztea-k4bh-bug9", "summary": "Security researchers David Huang\nand Collin Jackson of Carnegie Mellon University\nCyLab (Silicon Valley campus) reported that the type\nattribute of an <object> tag can override the charset of a\nframed HTML document, even when the document is included across\norigins. A page could be constructed containing such an\n<object> tag which sets the charset of the framed document to\nUTF-7. This could potentially allow an attacker to inject UTF-7\nencoded JavaScript into a site, bypassing the site's XSS filters, and\nthen executing the code using the above technique.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73827", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=630074", "reference_id": "630074", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768", "reference_id": "CVE-2010-2768", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61", "reference_id": "mfsa2010-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0680", "reference_id": "RHSA-2010:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0681", "reference_id": "RHSA-2010:0681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0682", "reference_id": "RHSA-2010:0682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0682" }, { "reference_url": "https://usn.ubuntu.com/975-1/", "reference_id": "USN-975-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/975-1/" }, { "reference_url": "https://usn.ubuntu.com/978-1/", "reference_id": "USN-978-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/978-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2010-2768" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztea-k4bh-bug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2842?format=api", "vulnerability_id": "VCID-zxps-xjq5-qyha", "summary": "Security researcher Paul Stone reported 
that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history. Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67114", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644", "reference_id": "700644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067", "reference_id": "CVE-2011-0067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14", "reference_id": "mfsa2011-14", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2011-0067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxps-xjq5-qyha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2608?format=api", "vulnerability_id": "VCID-zy16-tskh-aka5", "summary": "Developer and Mozilla community member Wladimir Palant\nreported that cookies marked HTTPOnly were readable by JavaScript via\nthe XMLHttpRequest.getResponseHeader and \nXMLHttpRequest.getAllResponseHeaders APIs. 
This vulnerability\nbypasses the security mechanism provided by the HTTPOnly flag which\nintends to restrict JavaScript access to document.cookie. The fix prevents the XMLHttpRequest feature from accessing the\nSet-Cookie and Set-Cookie2 headers of any response\nwhether or not the HTTPOnly flag was set for those cookies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78144", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0357" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=483145", "reference_id": "483145", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=483145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357", "reference_id": "CVE-2009-0357", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-05", "reference_id": "mfsa2009-05", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0256", "reference_id": "RHSA-2009:0256", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2009:0256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0257", "reference_id": "RHSA-2009:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0257" }, { "reference_url": "https://usn.ubuntu.com/717-1/", "reference_id": "USN-717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-1/" }, { "reference_url": "https://usn.ubuntu.com/717-2/", "reference_id": "USN-717-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-2/" }, { "reference_url": "https://usn.ubuntu.com/717-3/", "reference_id": "USN-717-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/717-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334862?format=api", "purl": "pkg:ebuild/net-libs/xulrunner-bin@3.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.14" } ], "aliases": [ "CVE-2009-0357" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy16-tskh-aka5" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner-bin@3.0.4-r1" }