{"url":"http://public2.vulnerablecode.io/api/packages/185449?format=json","purl":"pkg:rpm/redhat/firefox@3.0.12-1?arch=el5_3","type":"rpm","namespace":"redhat","name":"firefox","version":"3.0.12-1","qualifiers":{"arch":"el5_3"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2674?format=json","vulnerability_id":"VCID-36t9-jpa3-3bfa","summary":"Andrej Andolsek reported that when Firefox\nreceives a reply from a SOCKS5 proxy which contains a DNS name longer\nthan 15 characters, the subsequent data stream in the response can\nbecome corrupted.  There was no evidence of memory corruption,\nhowever, and the severity of the issue was determined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2470","reference_id":"","reference_type":"","scores":[{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86091","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86067","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86088","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86089","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86087","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86075","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512145","reference_id":"512145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470","reference_id":"CVE-2009-2470","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-38","reference_id":"mfsa2009-38","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[],"aliases":["CVE-2009-2470"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36t9-jpa3-3bfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=json","vulnerability_id":"VCID-42et-b37x-v7dy","summary":"Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed.  If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code.  An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2471","reference_id":"","reference_type":"","scores":[{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84454","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84451","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84448","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84447","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84435","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2471"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512146","reference_id":"512146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471","reference_id":"CVE-2009-2471","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39","reference_id":"mfsa2009-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"}],"fixed_packages":[],"aliases":["CVE-2009-2471"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42et-b37x-v7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2643?format=json","vulnerability_id":"VCID-5ea4-6fsd-n7ax","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2664","reference_id":"","reference_type":"","scores":[{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86864","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86844","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86866","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86863","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86861","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86851","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618341","reference_id":"1618341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664","reference_id":"CVE-2009-2664","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"}],"fixed_packages":[],"aliases":["CVE-2009-2664"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ea4-6fsd-n7ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2682?format=json","vulnerability_id":"VCID-8w8b-971x-aqhb","summary":"Mozilla security researcher moz_bug_r_a4 reported\na series of vulnerabilities in which objects that normally receive\na XPCCrossOriginWrapper are constructed without the\nwrapper.  This can lead to cases where JavaScript from one website may\nunsafely access properties of such an object which had been set by a\ndifferent website.  A malicious website could use this vulnerability\nto launch a XSS attack and run arbitrary JavaScript within the context\nof another site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2472","reference_id":"","reference_type":"","scores":[{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72441","published_at":"2026-06-06T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72435","published_at":"2026-06-05T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72432","published_at":"2026-06-09T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72422","published_at":"2026-06-07T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72408","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512147","reference_id":"512147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472","reference_id":"CVE-2009-2472","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-40","reference_id":"mfsa2009-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2472"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8w8b-971x-aqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2592?format=json","vulnerability_id":"VCID-a81r-cxqq-vqf6","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2462","reference_id":"","reference_type":"","scores":[{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.8773","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.87751","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.87752","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.87753","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.87764","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512128","reference_id":"512128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462","reference_id":"CVE-2009-2462","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2462"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a81r-cxqq-vqf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2594?format=json","vulnerability_id":"VCID-as3a-uscx-c3bb","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2465","reference_id":"","reference_type":"","scores":[{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.8768","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87703","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87702","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.87714","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512135","reference_id":"512135","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465","reference_id":"CVE-2009-2465","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2465"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-as3a-uscx-c3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2593?format=json","vulnerability_id":"VCID-r3sj-cqnz-aqha","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2464","reference_id":"","reference_type":"","scores":[{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.95249","published_at":"2026-06-06T12:55:00Z"},{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.9524","published_at":"2026-06-04T12:55:00Z"},{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.95247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.95254","published_at":"2026-06-09T12:55:00Z"},{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.95251","published_at":"2026-06-07T12:55:00Z"},{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.9525","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512133","reference_id":"512133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464","reference_id":"CVE-2009-2464","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt","reference_id":"CVE-2009-2464;OSVDB-56229","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt"},{"reference_url":"https://www.securityfocus.com/bid/35775/info","reference_id":"CVE-2009-2464;OSVDB-56229","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35775/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2464"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3sj-cqnz-aqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2656?format=json","vulnerability_id":"VCID-tnjp-k3mu-j7gk","summary":"Security researcher Attila Suszter reported that\nwhen a page contains a Flash object which presents a slow script\ndialog, and the page is navigated while the dialog is still visible to\nthe user, the Flash plugin is unloaded resulting in a crash due to a\ncall to the deleted object.  This crash could potentially be used by\nan attacker to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2467","reference_id":"","reference_type":"","scores":[{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.90103","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.90088","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.90104","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.90115","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.90101","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.901","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512137","reference_id":"512137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467","reference_id":"CVE-2009-2467","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35","reference_id":"mfsa2009-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2467"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnjp-k3mu-j7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2596?format=json","vulnerability_id":"VCID-ucht-xzab-3ffh","summary":"Security researcher PenPal reported a crash\ninvolving a SVG element on which a watch function\nand __defineSetter__ function have been set for a\nparticular property.  The crash showed evidence of memory corruption\nand could potentially be used by an attacker to run arbitrary code on\na victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2469","reference_id":"","reference_type":"","scores":[{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91246","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91259","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91256","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91252","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91267","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512142","reference_id":"512142","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469","reference_id":"CVE-2009-2469","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-37","reference_id":"mfsa2009-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2469"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucht-xzab-3ffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2595?format=json","vulnerability_id":"VCID-xw62-txxw-zbfr","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2466","reference_id":"","reference_type":"","scores":[{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90702","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.9069","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90703","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90714","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.907","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.90698","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512136","reference_id":"512136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466","reference_id":"CVE-2009-2466","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2466"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw62-txxw-zbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=json","vulnerability_id":"VCID-zp8z-8z1b-3fep","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2463","reference_id":"","reference_type":"","scores":[{"value":"0.04113","scoring_system":"epss","scoring_elements":"0.88807","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04113","scoring_system":"epss","scoring_elements":"0.88824","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04113","scoring_system":"epss","scoring_elements":"0.88822","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04113","scoring_system":"epss","scoring_elements":"0.88839","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2463"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512131","reference_id":"512131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463","reference_id":"CVE-2009-2463","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2463"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp8z-8z1b-3fep"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@3.0.12-1%3Farch=el5_3"}