{"url":"http://public2.vulnerablecode.io/api/packages/178294?format=json","purl":"pkg:rpm/redhat/nss@3.15.3-2?arch=el6_5","type":"rpm","namespace":"redhat","name":"nss","version":"3.15.3-2","qualifiers":{"arch":"el6_5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1981?format=json","vulnerability_id":"VCID-2amq-1dpv-r7ce","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5605.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5605","reference_id":"","reference_type":"","scores":[{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86383","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86359","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86382","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86381","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.8638","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86367","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5605"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1030807","reference_id":"1030807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1030807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605","reference_id":"CVE-2013-5605","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605"},{"reference_url":"https://security.gentoo.org/glsa/201406-19","reference_id":"GLSA-201406-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-19"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1791","reference_id":"RHSA-2013:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1829","reference_id":"RHSA-2013:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1840","reference_id":"RHSA-2013:1840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1841","reference_id":"RHSA-2013:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0041","reference_id":"RHSA-2014:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0041"},{"reference_url":"https://usn.ubuntu.com/2030-1/","reference_id":"USN-2030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2030-1/"},{"reference_url":"https://usn.ubuntu.com/2031-1/","reference_id":"USN-2031-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2031-1/"},{"reference_url":"https://usn.ubuntu.com/2032-1/","reference_id":"USN-2032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2032-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5605"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2amq-1dpv-r7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2000?format=json","vulnerability_id":"VCID-c6v9-maak-dyde","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1739.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1739","reference_id":"","reference_type":"","scores":[{"value":"0.03954","scoring_system":"epss","scoring_elements":"0.88566","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03954","scoring_system":"epss","scoring_elements":"0.88583","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03954","scoring_system":"epss","scoring_elements":"0.88585","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03954","scoring_system":"epss","scoring_elements":"0.88584","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03954","scoring_system":"epss","scoring_elements":"0.88602","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1739"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1012740","reference_id":"1012740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1012740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726473","reference_id":"726473","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739","reference_id":"CVE-2013-1739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739"},{"reference_url":"https://security.gentoo.org/glsa/201406-19","reference_id":"GLSA-201406-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93","reference_id":"mfsa2013-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1791","reference_id":"RHSA-2013:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1829","reference_id":"RHSA-2013:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1829"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"},{"reference_url":"https://usn.ubuntu.com/2030-1/","reference_id":"USN-2030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2030-1/"}],"fixed_packages":[],"aliases":["CVE-2013-1739"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6v9-maak-dyde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1983?format=json","vulnerability_id":"VCID-nmpw-53d9-cqaj","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1741.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1741","reference_id":"","reference_type":"","scores":[{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85927","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85903","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85925","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85926","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85924","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85912","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1741"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031458","reference_id":"1031458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031458"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735105","reference_id":"735105","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741","reference_id":"CVE-2013-1741","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741"},{"reference_url":"https://security.gentoo.org/glsa/201406-19","reference_id":"GLSA-201406-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-19"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1791","reference_id":"RHSA-2013:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1829","reference_id":"RHSA-2013:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1829"},{"reference_url":"https://usn.ubuntu.com/2030-1/","reference_id":"USN-2030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2030-1/"},{"reference_url":"https://usn.ubuntu.com/2031-1/","reference_id":"USN-2031-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2031-1/"},{"reference_url":"https://usn.ubuntu.com/2032-1/","reference_id":"USN-2032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2032-1/"}],"fixed_packages":[],"aliases":["CVE-2013-1741"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmpw-53d9-cqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1984?format=json","vulnerability_id":"VCID-qqrz-4j53-d3b8","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5607.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5607.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5607","reference_id":"","reference_type":"","scores":[{"value":"0.02207","scoring_system":"epss","scoring_elements":"0.84783","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02207","scoring_system":"epss","scoring_elements":"0.84756","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02207","scoring_system":"epss","scoring_elements":"0.84779","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02207","scoring_system":"epss","scoring_elements":"0.8478","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02207","scoring_system":"epss","scoring_elements":"0.84778","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02207","scoring_system":"epss","scoring_elements":"0.84766","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5607"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031461","reference_id":"1031461","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607","reference_id":"CVE-2013-5607","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607"},{"reference_url":"https://security.gentoo.org/glsa/201406-19","reference_id":"GLSA-201406-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-19"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1791","reference_id":"RHSA-2013:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1829","reference_id":"RHSA-2013:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1829"},{"reference_url":"https://usn.ubuntu.com/2031-1/","reference_id":"USN-2031-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2031-1/"},{"reference_url":"https://usn.ubuntu.com/2032-1/","reference_id":"USN-2032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2032-1/"},{"reference_url":"https://usn.ubuntu.com/2087-1/","reference_id":"USN-2087-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2087-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5607"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqrz-4j53-d3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1982?format=json","vulnerability_id":"VCID-xg2b-zzbj-juds","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5606.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5606.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5606","reference_id":"","reference_type":"","scores":[{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71589","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71538","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71582","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71571","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71564","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00661","scoring_system":"epss","scoring_elements":"0.71549","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5606"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031457","reference_id":"1031457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1031457"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735105","reference_id":"735105","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606","reference_id":"CVE-2013-5606","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606"},{"reference_url":"https://security.gentoo.org/glsa/201406-19","reference_id":"GLSA-201406-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-19"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1791","reference_id":"RHSA-2013:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1829","reference_id":"RHSA-2013:1829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0041","reference_id":"RHSA-2014:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0041"},{"reference_url":"https://usn.ubuntu.com/2030-1/","reference_id":"USN-2030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2030-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5606"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg2b-zzbj-juds"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.15.3-2%3Farch=el6_5"}