{"url":"http://public2.vulnerablecode.io/api/packages/128146?format=json","purl":"pkg:rpm/redhat/firefox@3.0.15-3?arch=el5_4","type":"rpm","namespace":"redhat","name":"firefox","version":"3.0.15-3","qualifiers":{"arch":"el5_4"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88007?format=json","vulnerability_id":"VCID-16d6-e24t-dfb7","summary":"Firefox integer underflow in FTP directory list parser","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3384.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3384","reference_id":"","reference_type":"","scores":[{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.7934","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79347","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.7937","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79382","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79391","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79414","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79387","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79419","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79417","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.7942","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79473","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79489","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.7951","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79528","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79525","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79541","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01257","scoring_system":"epss","scoring_elements":"0.79577","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3384"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530164","reference_id":"530164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[],"aliases":["CVE-2009-3384"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16d6-e24t-dfb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63614?format=json","vulnerability_id":"VCID-2jhf-j64s-gygy","summary":"Security researcher Alin Rad Pop of Secunia\nResearch reported a heap-based buffer overflow in Mozilla's string to\nfloating point number conversion routines.  Using this vulnerability\nan attacker could craft some malicious JavaScript code containing a\nvery long string to be converted to a floating point number which\nwould result in improper memory allocation and the execution of an\narbitrary memory location.  This vulnerability could thus be leveraged\nby the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used\nby Mozilla appears to be essentially the same as that reported against the\nlibc gdtoa routine by Maksymilian Arciemowicz.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0689.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0689","reference_id":"","reference_type":"","scores":[{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97465","published_at":"2026-05-14T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97395","published_at":"2026-04-01T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.9745","published_at":"2026-05-11T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97455","published_at":"2026-05-12T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97406","published_at":"2026-04-04T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97408","published_at":"2026-04-07T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97415","published_at":"2026-04-08T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97419","published_at":"2026-04-11T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97429","published_at":"2026-04-16T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97433","published_at":"2026-04-21T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97432","published_at":"2026-04-24T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.9744","published_at":"2026-05-05T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.4176","scoring_system":"epss","scoring_elements":"0.97447","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=539784","reference_id":"539784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=539784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689","reference_id":"CVE-2009-0689","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10185.txt","reference_id":"CVE-2009-0689","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10185.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10187.txt","reference_id":"CVE-2009-0689;OSVDB-61186","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10187.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33363.txt","reference_id":"CVE-2009-0689;OSVDB-61186","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33363.txt"},{"reference_url":"https://www.securityfocus.com/bid/37078/info","reference_id":"CVE-2009-0689;OSVDB-61186","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37078/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/10184.txt","reference_id":"CVE-2009-0689;OSVDB-61187","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/10184.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33364.txt","reference_id":"CVE-2009-0689;OSVDB-61187","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33364.txt"},{"reference_url":"https://www.securityfocus.com/bid/37080/info","reference_id":"CVE-2009-0689;OSVDB-61187","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37080/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33312.txt","reference_id":"CVE-2009-0689;OSVDB-61189","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33312.txt"},{"reference_url":"https://www.securityfocus.com/bid/36851/info","reference_id":"CVE-2009-0689;OSVDB-61189","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36851/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10186.txt","reference_id":"CVE-2009-0689;OSVDB-62402","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10186.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33058.txt","reference_id":"CVE-2009-0689;OSVDB-63639","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33058.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/dos/33479.c","reference_id":"CVE-2009-0689;OSVDB-63639","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/dos/33479.c"},{"reference_url":"https://www.securityfocus.com/bid/35510/info","reference_id":"CVE-2009-0689;OSVDB-63639","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35510/info"},{"reference_url":"https://www.securityfocus.com/bid/37687/info","reference_id":"CVE-2009-0689;OSVDB-63639","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37687/info"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33480.txt","reference_id":"CVE-2009-0689;OSVDB-63641","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33480.txt"},{"reference_url":"https://www.securityfocus.com/bid/37688/info","reference_id":"CVE-2009-0689;OSVDB-63641","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37688/info"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59","reference_id":"mfsa2009-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/10380.pl","reference_id":"OSVDB-61189;CVE-2009-0689","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/10380.pl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1601","reference_id":"RHSA-2009:1601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0311","reference_id":"RHSA-2014:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0312","reference_id":"RHSA-2014:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0312"},{"reference_url":"https://usn.ubuntu.com/871-1/","reference_id":"USN-871-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/871-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[],"aliases":["CVE-2009-0689"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jhf-j64s-gygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53001?format=json","vulnerability_id":"VCID-4vaj-81k4-n3a6","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3374","reference_id":"","reference_type":"","scores":[{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75654","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75404","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75407","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75462","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75472","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75491","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.7547","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75459","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75507","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75528","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75533","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75537","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75547","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75577","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.756","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75582","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75599","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530157","reference_id":"530157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374","reference_id":"CVE-2009-3374","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57","reference_id":"mfsa2009-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3374"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vaj-81k4-n3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52993?format=json","vulnerability_id":"VCID-58z4-jhs8-kyay","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3372","reference_id":"","reference_type":"","scores":[{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82838","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.8258","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82595","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82611","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82607","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.8264","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82652","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82647","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82685","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82688","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.8271","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82719","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82745","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82767","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82788","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82786","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0177","scoring_system":"epss","scoring_elements":"0.82802","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530155","reference_id":"530155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372","reference_id":"CVE-2009-3372","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55","reference_id":"mfsa2009-55","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3372"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58z4-jhs8-kyay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53005?format=json","vulnerability_id":"VCID-5bdt-dd2k-c7gq","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3376","reference_id":"","reference_type":"","scores":[{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86561","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86572","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86591","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.8661","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.8662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86634","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86638","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86644","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86655","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86664","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86663","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86703","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.8672","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86715","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86726","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530168","reference_id":"530168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376","reference_id":"CVE-2009-3376","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62","reference_id":"mfsa2009-62","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3376"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bdt-dd2k-c7gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53002?format=json","vulnerability_id":"VCID-aw3w-yap1-u7cx","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3375","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6436","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64102","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64158","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64146","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64196","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64221","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64233","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64242","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64255","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64254","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64225","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64269","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64314","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64282","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64307","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530167","reference_id":"530167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375","reference_id":"CVE-2009-3375","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61","reference_id":"mfsa2009-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3375"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aw3w-yap1-u7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52991?format=json","vulnerability_id":"VCID-b76x-3z8j-4fa9","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3274","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33622","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34211","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34244","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34106","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34149","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34178","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34135","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34148","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.341","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33727","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33705","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33619","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33501","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3357","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33612","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33523","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33546","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=524815","reference_id":"524815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=524815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274","reference_id":"CVE-2009-3274","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53","reference_id":"mfsa2009-53","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3274"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b76x-3z8j-4fa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52997?format=json","vulnerability_id":"VCID-h68j-ht6w-jqbm","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3373","reference_id":"","reference_type":"","scores":[{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93729","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93616","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93625","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93636","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93645","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93651","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.9367","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93677","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.9368","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93685","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93684","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93682","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.9369","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93709","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.9371","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93716","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3373"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530156","reference_id":"530156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373","reference_id":"CVE-2009-3373","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt","reference_id":"CVE-2009-3373;OSVDB-59393","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt"},{"reference_url":"https://www.securityfocus.com/bid/36855/info","reference_id":"CVE-2009-3373;OSVDB-59393","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36855/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56","reference_id":"mfsa2009-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3373"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h68j-ht6w-jqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63615?format=json","vulnerability_id":"VCID-nx8g-hhbk-yyep","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3370.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3370","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68345","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68258","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68286","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68084","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68169","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68194","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6818","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68147","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68185","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68179","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68222","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68231","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68236","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68211","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68256","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68293","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3370"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530151","reference_id":"530151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370","reference_id":"CVE-2009-3370","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52","reference_id":"mfsa2009-52","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3370"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nx8g-hhbk-yyep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52554?format=json","vulnerability_id":"VCID-qqg4-kz4u-hbh8","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530162","reference_id":"530162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530162"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-1563"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqg4-kz4u-hbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53025?format=json","vulnerability_id":"VCID-sua6-rkjm-qyge","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3382","reference_id":"","reference_type":"","scores":[{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94811","published_at":"2026-05-14T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94709","published_at":"2026-04-01T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94721","published_at":"2026-04-04T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94723","published_at":"2026-04-07T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94733","published_at":"2026-04-08T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94737","published_at":"2026-04-09T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94741","published_at":"2026-04-11T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94754","published_at":"2026-04-16T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.9476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94762","published_at":"2026-04-29T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94778","published_at":"2026-05-07T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94787","published_at":"2026-05-09T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94794","published_at":"2026-05-11T12:55:00Z"},{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94799","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530569","reference_id":"530569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382","reference_id":"CVE-2009-3382","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html","reference_id":"CVE-2009-3382;OSVDB-59384","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html"},{"reference_url":"https://www.securityfocus.com/bid/36866/info","reference_id":"CVE-2009-3382;OSVDB-59384","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36866/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3382"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sua6-rkjm-qyge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53019?format=json","vulnerability_id":"VCID-yn4z-ymst-1bew","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3380","reference_id":"","reference_type":"","scores":[{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87966","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87795","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87817","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.8782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87842","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87849","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.8786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87867","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87865","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87862","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87884","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87882","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87893","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87908","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87924","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.8792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.87933","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3380"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530567","reference_id":"530567","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380","reference_id":"CVE-2009-3380","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3380"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn4z-ymst-1bew"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@3.0.15-3%3Farch=el5_4"}