{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","type":"ebuild","namespace":"www-client","name":"icecat","version":"3.14","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"10.0.11","latest_non_vulnerable_version":"10.0.11","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2292?format=json","vulnerability_id":"VCID-15hg-smda-afby","summary":"Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5841","reference_id":"","reference_type":"","scores":[{"value":"0.0091","scoring_system":"epss","scoring_elements":"0.76192","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5841"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877628","reference_id":"877628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841","reference_id":"CVE-2012-5841","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100","reference_id":"mfsa2012-100","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5841"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15hg-smda-afby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2335?format=json","vulnerability_id":"VCID-1ad6-euv1-ffdn","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1975","reference_id":"","reference_type":"","scores":[{"value":"0.03305","scoring_system":"epss","scoring_elements":"0.87464","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975","reference_id":"CVE-2012-1975","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1975"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ad6-euv1-ffdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2874?format=json","vulnerability_id":"VCID-1az2-21v2-5bbg","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG\nimplementation could result in an out-of-bounds memory access if\nSVG elements were removed during a DOMAttrModified event handler.\nThis vulnerability does not affect products prior to Firefox 8\nand SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if\nusing a browser-like feature that allowed scripts to run; users\nare not at risk while reading mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3658","reference_id":"","reference_type":"","scores":[{"value":"0.75876","scoring_system":"epss","scoring_elements":"0.9893","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3658"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658","reference_id":"CVE-2011-3658","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb","reference_id":"CVE-2011-3658;OSVDB-77953","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18847.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-12-056/","reference_id":"CVE-2011-3658;OSVDB-77953","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/ZDI-12-056/"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55","reference_id":"mfsa2011-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-55"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3658"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1az2-21v2-5bbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2636?format=json","vulnerability_id":"VCID-1bap-8k3p-kbe8","summary":"Microsoft security researchers Shuo\nChen, Ziqing Mao, Yi-Min\nWang, and Ming Zhang reported that when a\nCONNECT request is sent to a proxy server and a non-200 response is\nreturned, then the body of the response is incorrectly rendered\nwithin the context of the request Host: header.  An\nactive network attacker could use this vulnerability to intercept a\nCONNECT request and reply with a non-200 response containing malicious\ncode which would be executed within the context of the victim's\nrequested SSL-protected domain.  Since this attack requires the victim\nto have a proxy configured, the severity of this issue was determined\nto be high.Thunderbird mail messages are not vulnerable to this flaw,\nbut if Thunderbird were being used in a browser-like manner (through Add-ons,\nperhaps) and JavaScript were enabled (not the default setting) then users could\nbe vulnerable to this flaw in older versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1836","reference_id":"","reference_type":"","scores":[{"value":"0.02032","scoring_system":"epss","scoring_elements":"0.84119","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1836"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503578","reference_id":"503578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836","reference_id":"CVE-2009-1836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27","reference_id":"mfsa2009-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1836"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bap-8k3p-kbe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2402?format=json","vulnerability_id":"VCID-1brb-2w5v-ukg9","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0463","reference_id":"","reference_type":"","scores":[{"value":"0.04347","scoring_system":"epss","scoring_elements":"0.89118","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463","reference_id":"CVE-2012-0463","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0463"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0463"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1brb-2w5v-ukg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2167?format=json","vulnerability_id":"VCID-1cwm-47w2-63gg","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0163","reference_id":"","reference_type":"","scores":[{"value":"0.05442","scoring_system":"epss","scoring_elements":"0.90338","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0163"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576391","reference_id":"576391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163","reference_id":"CVE-2010-0163","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0163"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0163"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cwm-47w2-63gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2892?format=json","vulnerability_id":"VCID-1etx-4u7q-gfa3","summary":"Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3651","reference_id":"","reference_type":"","scores":[{"value":"0.04425","scoring_system":"epss","scoring_elements":"0.89218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651","reference_id":"CVE-2011-3651","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48","reference_id":"mfsa2011-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3651"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1etx-4u7q-gfa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2337?format=json","vulnerability_id":"VCID-1nd3-n5ad-rka9","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3956","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956","reference_id":"CVE-2012-3956","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3956"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nd3-n5ad-rka9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2456?format=json","vulnerability_id":"VCID-1r73-v4h5-7kc5","summary":"Google security researcher Chris Evans reported that a\nwebsite could access a limited amount of data from a different domain by\nloading a same-domain JavaScript URL which redirects to an off-domain\ntarget  resource containing data\nwhich is not parsable as JavaScript.  Upon attempting to load the data as\nJavaScript a syntax error is generated that can reveal some of the file\ncontext via the window.onerror DOM API.This issue could be used by a malicious website to steal private data\nfrom users who are authenticated on the redirected website. How much\ndata could be at risk would depend on the format of the data and how\nthe JavaScript parser attempts to interpret it. For most files the\namount of data that can be recovered would be limited to the first\nword or two. Some data files might allow deeper probing with\nrepeated loads.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.Update December 18, 2008: The Windows version of Firefox\n2.0.0.19 was shipped without the fix for this issue (other platforms\nwere correctly patched). Firefox 2.0.0.20 has been released on Windows\nto correct this oversight.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5507.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5507","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44099","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5507"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476280","reference_id":"476280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507","reference_id":"CVE-2008-5507","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5507"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-65","reference_id":"mfsa2008-65","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5507"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1r73-v4h5-7kc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2328?format=json","vulnerability_id":"VCID-1v9j-kd28-5ufe","summary":"Google developer Tony Payne reported an out of bounds (OOB)\nread in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1960","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68041","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840213","reference_id":"840213","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960","reference_id":"CVE-2012-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50","reference_id":"mfsa2012-50","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-50"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1960"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v9j-kd28-5ufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2871?format=json","vulnerability_id":"VCID-1vg7-wd1h-qkec","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.These vulnerabilities did not affect the older browser engine used\nprior to Firefox 4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3660","reference_id":"","reference_type":"","scores":[{"value":"0.0394","scoring_system":"epss","scoring_elements":"0.88548","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3660"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660","reference_id":"CVE-2011-3660","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53","reference_id":"mfsa2011-53","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-53"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3660"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vg7-wd1h-qkec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2301?format=json","vulnerability_id":"VCID-1z2q-kuap-wkfk","summary":"Security researcher Mariusz Mlynski reported that the\nlocation property can be accessed by binary plugins through\ntop.location and top can be shadowed by\nObject.defineProperty as well. This can allow for possible\ncross-site scripting (XSS) attacks through plugins.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3994.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3994","reference_id":"","reference_type":"","scores":[{"value":"0.00927","scoring_system":"epss","scoring_elements":"0.7643","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3994"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863622","reference_id":"863622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994","reference_id":"CVE-2012-3994","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-82","reference_id":"mfsa2012-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3994"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1z2q-kuap-wkfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2182?format=json","vulnerability_id":"VCID-216v-x1r5-2ue1","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0167","reference_id":"","reference_type":"","scores":[{"value":"0.27259","scoring_system":"epss","scoring_elements":"0.96494","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576698","reference_id":"576698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167","reference_id":"CVE-2010-0167","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt","reference_id":"CVE-2010-0167;OSVDB-63267","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33801.txt"},{"reference_url":"https://www.securityfocus.com/bid/38944/info","reference_id":"CVE-2010-0167;OSVDB-63267","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/38944/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11","reference_id":"mfsa2010-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0167"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-216v-x1r5-2ue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2197?format=json","vulnerability_id":"VCID-23de-qepf-7fa8","summary":"Security researcher Soroush Dalili reported that\npotentially sensitive URL parameters could be leaked across domains\nupon script errors when the script filename and line number is\nincluded in the error message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2754","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62358","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615488","reference_id":"615488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754","reference_id":"CVE-2010-2754","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47","reference_id":"mfsa2010-47","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2754"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23de-qepf-7fa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2327?format=json","vulnerability_id":"VCID-23uc-h52u-b7ft","summary":"Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the previous site\nin the addressbar but changing the baseURI to the newer site. This can be used\nfor phishing by allowing the user to input form or other data on the newer,\nattacking, site while appearing to be on the older, displayed site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1955.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1955","reference_id":"","reference_type":"","scores":[{"value":"0.02583","scoring_system":"epss","scoring_elements":"0.85852","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1955"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840206","reference_id":"840206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955","reference_id":"CVE-2012-1955","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45","reference_id":"mfsa2012-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1955"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23uc-h52u-b7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2224?format=json","vulnerability_id":"VCID-25ey-k7xj-hfgk","summary":"Security researchers Yosuke Hasegawa\nand Masatoshi Kimura reported that the x-mac-arabic,\nx-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS\nattacks due to some characters being converted to angle brackets when\ndisplayed by the rendering engine.  Sites using these character\nencodings would thus be potentially vulnerable to script injection\nattacks if their script filtering code fails to strip out these\nspecific characters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3770","reference_id":"","reference_type":"","scores":[{"value":"0.08052","scoring_system":"epss","scoring_elements":"0.92273","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660439","reference_id":"660439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770","reference_id":"CVE-2010-3770","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt","reference_id":"CVE-2010-3770;OSVDB-69772","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt"},{"reference_url":"https://www.securityfocus.com/bid/45353/info","reference_id":"CVE-2010-3770;OSVDB-69772","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45353/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-84","reference_id":"mfsa2010-84","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-84"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3770"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25ey-k7xj-hfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2394?format=json","vulnerability_id":"VCID-29sb-u37n-audy","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1938","reference_id":"","reference_type":"","scores":[{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79647","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938","reference_id":"CVE-2012-1938","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34","reference_id":"mfsa2012-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1938"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29sb-u37n-audy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2498?format=json","vulnerability_id":"VCID-29we-jnwd-9uga","summary":"Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol.  The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4067","reference_id":"","reference_type":"","scores":[{"value":"0.02059","scoring_system":"epss","scoring_elements":"0.84222","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463246","reference_id":"463246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463246"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067","reference_id":"CVE-2008-4067","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4067"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44","reference_id":"mfsa2008-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4067"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29we-jnwd-9uga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2902?format=json","vulnerability_id":"VCID-2atj-k716-gqee","summary":"Security researcher Mario Heiderich reported that\nHTML-encoded entities were being improperly decoded when displayed\ninside SVG elements.  This could lead to XSS attacks on sites relying\non HTML encoding of user-supplied content.The inline SVG feature was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2369","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49148","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369","reference_id":"CVE-2011-2369","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-27","reference_id":"mfsa2011-27","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-27"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2369"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2atj-k716-gqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2282?format=json","vulnerability_id":"VCID-2dd7-kcvk-tqb4","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4187","reference_id":"","reference_type":"","scores":[{"value":"0.20011","scoring_system":"epss","scoring_elements":"0.95589","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187","reference_id":"CVE-2012-4187","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4187"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dd7-kcvk-tqb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2325?format=json","vulnerability_id":"VCID-2gcp-9sky-3ffp","summary":"Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, writes to\nlocation.hash can be used in concert with scripted history\nnavigation to cause a specific website to be loaded into the history object. The\nbaseURI can then be changed to this stored site, allowing an attacker to inject\na script or intercept posted data posted to a location specified with a relative\npath.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3992","reference_id":"","reference_type":"","scores":[{"value":"0.01138","scoring_system":"epss","scoring_elements":"0.78728","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3992"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863624","reference_id":"863624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992","reference_id":"CVE-2012-3992","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-84","reference_id":"mfsa2012-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-84"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3992"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gcp-9sky-3ffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=json","vulnerability_id":"VCID-2gnx-bbf7-9yee","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that code used to normalize a\ndocument contained a logical flaw that could be leveraged to run\narbitrary code.  When the normalization code ran, a static count of\nthe document's child nodes was used in the traversal, so a page could\nbe constructed that would remove DOM nodes during this normalization\nwhich could lead to the accessing of a deleted object and potentially\nthe execution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2766","reference_id":"","reference_type":"","scores":[{"value":"0.05221","scoring_system":"epss","scoring_elements":"0.90116","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630069","reference_id":"630069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766","reference_id":"CVE-2010-2766","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-57","reference_id":"mfsa2010-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2766"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gnx-bbf7-9yee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2448?format=json","vulnerability_id":"VCID-2px9-hc1z-3qca","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5500","reference_id":"","reference_type":"","scores":[{"value":"0.06165","scoring_system":"epss","scoring_elements":"0.90985","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476266","reference_id":"476266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500","reference_id":"CVE-2008-5500","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5500"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60","reference_id":"mfsa2008-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5500"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2px9-hc1z-3qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2645?format=json","vulnerability_id":"VCID-2q9q-zxm9-37gw","summary":"Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way.  This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page.  An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3985","reference_id":"","reference_type":"","scores":[{"value":"0.00461","scoring_system":"epss","scoring_elements":"0.64505","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3985"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546726","reference_id":"546726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546726"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985","reference_id":"CVE-2009-3985","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69","reference_id":"mfsa2009-69","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3985"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2q9q-zxm9-37gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2385?format=json","vulnerability_id":"VCID-2ry7-xkdn-4uak","summary":"Security Researcher Matt McCutchen reported that a\nclickjacking attack using the certificate warning page. A man-in-the-middle\n(MITM) attacker can use an iframe to display its own certificate error warning\npage (about:certerror) with the \"Add Exception\" button of a real warning page\nfrom a malicious site. This can mislead users to adding a certificate exception\nfor a different site than the perceived one. This can lead to compromised\ncommunications with the user perceived site through the MITM attack once the\ncertificate exception has been added.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1964","reference_id":"","reference_type":"","scores":[{"value":"0.00901","scoring_system":"epss","scoring_elements":"0.76066","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840222","reference_id":"840222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964","reference_id":"CVE-2012-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54","reference_id":"mfsa2012-54","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1964"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry7-xkdn-4uak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2449?format=json","vulnerability_id":"VCID-2zd3-s1bf-byh8","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5501","reference_id":"","reference_type":"","scores":[{"value":"0.04539","scoring_system":"epss","scoring_elements":"0.89363","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476267","reference_id":"476267","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501","reference_id":"CVE-2008-5501","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5501"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60","reference_id":"mfsa2008-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5501"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zd3-s1bf-byh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118748?format=json","vulnerability_id":"VCID-33gy-nejj-5qe4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5822.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5822","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66343","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5822"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5822"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33gy-nejj-5qe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2602?format=json","vulnerability_id":"VCID-366w-42za-1qb1","summary":"Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document.  An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2654","reference_id":"","reference_type":"","scores":[{"value":"0.13196","scoring_system":"epss","scoring_elements":"0.94263","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521311","reference_id":"521311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654","reference_id":"CVE-2009-2654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html","reference_id":"CVE-2009-2654;OSVDB-56717","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33103.html"},{"reference_url":"https://www.securityfocus.com/bid/35803/info","reference_id":"CVE-2009-2654;OSVDB-56717","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35803/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-44","reference_id":"mfsa2009-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://usn.ubuntu.com/811-1/","reference_id":"USN-811-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/811-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2654"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-366w-42za-1qb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2365?format=json","vulnerability_id":"VCID-36q5-nexm-w3em","summary":"Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1940","reference_id":"","reference_type":"","scores":[{"value":"0.03035","scoring_system":"epss","scoring_elements":"0.86916","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1940"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843","reference_id":"827843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940","reference_id":"CVE-2012-1940","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40","reference_id":"mfsa2012-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1940"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36q5-nexm-w3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2674?format=json","vulnerability_id":"VCID-36t9-jpa3-3bfa","summary":"Andrej Andolsek reported that when Firefox\nreceives a reply from a SOCKS5 proxy which contains a DNS name longer\nthan 15 characters, the subsequent data stream in the response can\nbecome corrupted.  There was no evidence of memory corruption,\nhowever, and the severity of the issue was determined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2470","reference_id":"","reference_type":"","scores":[{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86067","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512145","reference_id":"512145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470","reference_id":"CVE-2009-2470","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-38","reference_id":"mfsa2009-38","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2470"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36t9-jpa3-3bfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2353?format=json","vulnerability_id":"VCID-39se-79t4-bqf3","summary":"Mozilla community member Ms2ger found an image rendering\nissue with WebGL when texImage2D uses use JSVAL_TO_OBJECT on arbitrary objects.\nThis can lead to a crash on a maliciously crafted web page. While there is no\nevidence that this is directly exploitable, there is a possibility of remote\ncode execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0478","reference_id":"","reference_type":"","scores":[{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73566","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815037","reference_id":"815037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478","reference_id":"CVE-2012-0478","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30","reference_id":"mfsa2012-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0478"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39se-79t4-bqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2825?format=json","vulnerability_id":"VCID-3cnp-jdxy-nbas","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2987","reference_id":"","reference_type":"","scores":[{"value":"0.10043","scoring_system":"epss","scoring_elements":"0.93205","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987","reference_id":"CVE-2011-2987","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2987"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2987"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cnp-jdxy-nbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2461?format=json","vulnerability_id":"VCID-3edb-v152-t7ct","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects.  moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object.  These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4060","reference_id":"","reference_type":"","scores":[{"value":"0.02018","scoring_system":"epss","scoring_elements":"0.8407","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463198","reference_id":"463198","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060","reference_id":"CVE-2008-4060","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4060"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41","reference_id":"mfsa2008-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4060"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3edb-v152-t7ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2649?format=json","vulnerability_id":"VCID-3f78-n439-6fhs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0353","reference_id":"","reference_type":"","scores":[{"value":"0.0678","scoring_system":"epss","scoring_elements":"0.91471","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0353"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483141","reference_id":"483141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353","reference_id":"CVE-2009-0353","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01","reference_id":"mfsa2009-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0353"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3f78-n439-6fhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=json","vulnerability_id":"VCID-3gpe-mdjk-fug4","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0165","reference_id":"","reference_type":"","scores":[{"value":"0.03502","scoring_system":"epss","scoring_elements":"0.87824","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165","reference_id":"CVE-2010-0165","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11","reference_id":"mfsa2010-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0165"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpe-mdjk-fug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2233?format=json","vulnerability_id":"VCID-3gpm-gttu-gudn","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the wrapper class XPCSafeJSObjectWrapper (SJOW) on\nthe Mozilla 1.9.1 development branch has a logical error in its\nscripted function implementation that allows the caller to run the\nfunction within the context of another site.  This is a violation of\nthe same-origin policy and could be used to mount an XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2763","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67509","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763","reference_id":"CVE-2010-2763","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-60","reference_id":"mfsa2010-60","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-60"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2763"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpm-gttu-gudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2840?format=json","vulnerability_id":"VCID-3hfm-dr4a-ayac","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2984","reference_id":"","reference_type":"","scores":[{"value":"0.01538","scoring_system":"epss","scoring_elements":"0.81684","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2984"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730522","reference_id":"730522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984","reference_id":"CVE-2011-2984","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2984"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hfm-dr4a-ayac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2255?format=json","vulnerability_id":"VCID-3knh-xsxc-r3dx","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4182","reference_id":"","reference_type":"","scores":[{"value":"0.04752","scoring_system":"epss","scoring_elements":"0.8962","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182","reference_id":"CVE-2012-4182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4182"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3knh-xsxc-r3dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115683?format=json","vulnerability_id":"VCID-3mf6-16up-dygg","summary":"firefox: information leak due to XSLT","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1712","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56282","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1712"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=697732","reference_id":"697732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=697732"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-1712"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mf6-16up-dygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2863?format=json","vulnerability_id":"VCID-3pr5-2yb6-eff5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2990","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68033","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990","reference_id":"CVE-2011-2990","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2990"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2990"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pr5-2yb6-eff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151054?format=json","vulnerability_id":"VCID-3r4k-r99j-8uaz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2061","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56845","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2061"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2061"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r4k-r99j-8uaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2251?format=json","vulnerability_id":"VCID-3x39-wrcj-r7f1","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3995.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3995","reference_id":"","reference_type":"","scores":[{"value":"0.02016","scoring_system":"epss","scoring_elements":"0.84052","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995","reference_id":"CVE-2012-3995","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3995"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x39-wrcj-r7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2867?format=json","vulnerability_id":"VCID-3x8b-a8de-uff8","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2375","reference_id":"","reference_type":"","scores":[{"value":"0.0287","scoring_system":"epss","scoring_elements":"0.86537","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375","reference_id":"CVE-2011-2375","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2375"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2375"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8b-a8de-uff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=json","vulnerability_id":"VCID-42et-b37x-v7dy","summary":"Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed.  If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code.  An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2471","reference_id":"","reference_type":"","scores":[{"value":"0.02113","scoring_system":"epss","scoring_elements":"0.84427","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2471"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512146","reference_id":"512146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471","reference_id":"CVE-2009-2471","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39","reference_id":"mfsa2009-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2471"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42et-b37x-v7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2403?format=json","vulnerability_id":"VCID-44gj-qav3-fyba","summary":"Firefox prevents the dropping of javascript: links onto a frame\nto prevent malicious sites from tricking users into performing a cross-site\nscripting (XSS) attacks on themselves. Security researcher Soroush\nDalili reported a way to bypass this protection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0455.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0455","reference_id":"","reference_type":"","scores":[{"value":"0.01144","scoring_system":"epss","scoring_elements":"0.78783","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803119","reference_id":"803119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455","reference_id":"CVE-2012-0455","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0455"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13","reference_id":"mfsa2012-13","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0455"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44gj-qav3-fyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2382?format=json","vulnerability_id":"VCID-44pj-mvww-fbd4","summary":"Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4191.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4191","reference_id":"","reference_type":"","scores":[{"value":"0.01678","scoring_system":"epss","scoring_elements":"0.82508","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4191"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=865286","reference_id":"865286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=865286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191","reference_id":"CVE-2012-4191","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88","reference_id":"mfsa2012-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88"},{"reference_url":"https://usn.ubuntu.com/1608-1/","reference_id":"USN-1608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1608-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4191"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44pj-mvww-fbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2604?format=json","vulnerability_id":"VCID-46dq-fn5m-nfdf","summary":"Mozilla add-on developer and community member Wladimir\nPalant reported that content-loading policies were not\nchecked before loading external script files into XUL documents.\nThe severity of this problem would depend on the reasons behind the\ncontent policy check, which include privacy from \"web bugs\" in\nThunderbird mail messages, blocking of Ads and Ad-server tracking\nin AdBlock Plus.The original version of this advisory incorrectly claimed\nthat NoScript protection could by bypassed; NoScript was unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1840","reference_id":"","reference_type":"","scores":[{"value":"0.01388","scoring_system":"epss","scoring_elements":"0.8068","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503582","reference_id":"503582","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503582"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840","reference_id":"CVE-2009-1840","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-31","reference_id":"mfsa2009-31","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1840"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46dq-fn5m-nfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2658?format=json","vulnerability_id":"VCID-4bk3-p2fq-6uhf","summary":"Mozilla security researcher Georgi Guninski reported\nthat the fix for an earlier vulnerability reported by Liu Die Yu using local\ninternet shortcut files to access other sites\n(MFSA 2008-47) could be bypassed\nby redirecting to a privileged about: URI such as\nabout:plugins.\nIf an attacker could get a victim to\ndownload two files, a malicious HTML file and a .desktop shortcut\nfile, they could have the HTML document load a privileged chrome document\nvia the shortcut and both documents would be treated as same origin.\nThis vulnerability could potentially be used by an attacker to inject\narbitrary code into the chrome document and execute with chrome\nprivileges.  Because this attack has relatively high complexity, the\nseverity of this issue was determined to be moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0356","reference_id":"","reference_type":"","scores":[{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76176","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0356"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483144","reference_id":"483144","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356","reference_id":"CVE-2009-0356","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-04","reference_id":"mfsa2009-04","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0356"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bk3-p2fq-6uhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2499?format=json","vulnerability_id":"VCID-4c6v-vu6t-tudu","summary":"Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes.Mozilla developer Georgi Guninski reported that the restrictions imposed on local HTML files could be bypassed using the resource: protocol.  The vulnerability allowed an attacker to read information about the system and prompt the victim to save the information in a file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4068","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50431","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4068"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463248","reference_id":"463248","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068","reference_id":"CVE-2008-4068","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4068"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44","reference_id":"mfsa2008-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4068"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4c6v-vu6t-tudu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2823?format=json","vulnerability_id":"VCID-4g1w-usb3-9kcq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2988","reference_id":"","reference_type":"","scores":[{"value":"0.06165","scoring_system":"epss","scoring_elements":"0.90985","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988","reference_id":"CVE-2011-2988","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2988"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2988"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4g1w-usb3-9kcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2210?format=json","vulnerability_id":"VCID-4pvt-4d6d-9yc2","summary":"Morten Kråkvik of Telenor SOC reported an exploit\ntargeting particular versions of Firefox 3.6 on Windows XP that\nTelenor found while investigating an intrusion attempt on a customer\nnetwork. The underlying vulnerability, however, was present on both\nthe Firefox 3.5 and Firefox 3.6 development branches and affected all\nsupported platforms.Reading mail in Thunderbird does not pose a risk to\nusers, however the vulnerability is present and could be triggered in\nRSS feeds if JavaScript is enabled or by an add-on that enables\nbrowser-like functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3765","reference_id":"","reference_type":"","scores":[{"value":"0.86773","scoring_system":"epss","scoring_elements":"0.99442","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3765"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0061","reference_id":"0061","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0061"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html","reference_id":"050061.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html","reference_id":"050077.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html","reference_id":"050154.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html","reference_id":"050233.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114329","reference_id":"100114329","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114329"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114335","reference_id":"100114335","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114335"},{"reference_url":"http://www.norman.com/security_center/virus_description_archive/129146/","reference_id":"129146","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.norman.com/security_center/virus_description_archive/129146/"},{"reference_url":"http://www.norman.com/about_norman/press_center/news_archive/2010/129223/","reference_id":"129223","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.norman.com/about_norman/press_center/news_archive/2010/129223/"},{"reference_url":"http://www.exploit-db.com/exploits/15341","reference_id":"15341","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.exploit-db.com/exploits/15341"},{"reference_url":"http://www.exploit-db.com/exploits/15342","reference_id":"15342","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.exploit-db.com/exploits/15342"},{"reference_url":"http://www.exploit-db.com/exploits/15352","reference_id":"15352","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.exploit-db.com/exploits/15352"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2837","reference_id":"2837","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2837"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2857","reference_id":"2857","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2857"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2864","reference_id":"2864","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2864"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2871","reference_id":"2871","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2871"},{"reference_url":"http://secunia.com/advisories/41761","reference_id":"41761","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41761"},{"reference_url":"http://secunia.com/advisories/41965","reference_id":"41965","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41965"},{"reference_url":"http://secunia.com/advisories/41966","reference_id":"41966","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41966"},{"reference_url":"http://secunia.com/advisories/41969","reference_id":"41969","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41969"},{"reference_url":"http://secunia.com/advisories/41975","reference_id":"41975","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/41975"},{"reference_url":"http://secunia.com/advisories/42003","reference_id":"42003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42003"},{"reference_url":"http://secunia.com/advisories/42008","reference_id":"42008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42008"},{"reference_url":"http://secunia.com/advisories/42043","reference_id":"42043","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42043"},{"reference_url":"http://secunia.com/advisories/42867","reference_id":"42867","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://secunia.com/advisories/42867"},{"reference_url":"http://www.securityfocus.com/bid/44425","reference_id":"44425","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securityfocus.com/bid/44425"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=646997","reference_id":"646997","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=646997"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:213","reference_id":"advisories?name=MDVSA-2010:213","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:213"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:219","reference_id":"advisories?name=MDVSA-2010:219","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:219"},{"reference_url":"http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/","reference_id":"critical-vulnerability-in-firefox-3-5-and-firefox-3-6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765","reference_id":"CVE-2010-3765","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html","reference_id":"CVE-2010-3765;OSVDB-68905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/15352.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb","reference_id":"CVE-2010-3765;OSVDB-68905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/16509.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html","reference_id":"CVE-2010-3765;OSVDB-68921","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15342.html"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222","reference_id":"CVE-2010-3765;OSVDB-68921;OSVDB-68905","reference_type":"exploit","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html","reference_id":"CVE-2010-3765;OSVDB-68921;OSVDB-68905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/15341.html"},{"reference_url":"http://isc.sans.edu/diary.html?storyid=9817","reference_id":"diary.html?storyid=9817","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://isc.sans.edu/diary.html?storyid=9817"},{"reference_url":"http://www.debian.org/security/2010/dsa-2124","reference_id":"dsa-2124","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.debian.org/security/2010/dsa-2124"},{"reference_url":"http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter","reference_id":"en?utm_source=twitterfeed&utm_medium=twitter","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"http://www.securitytracker.com/id?1024645","reference_id":"id?1024645","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securitytracker.com/id?1024645"},{"reference_url":"http://www.securitytracker.com/id?1024650","reference_id":"id?1024650","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securitytracker.com/id?1024650"},{"reference_url":"http://www.securitytracker.com/id?1024651","reference_id":"id?1024651","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.securitytracker.com/id?1024651"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-73","reference_id":"mfsa2010-73","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-73"},{"reference_url":"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html","reference_id":"mfsa2010-73.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"},{"reference_url":"http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox","reference_id":"multiple_vulnerabilities_in_mozilla_firefox","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A12108","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0808","reference_id":"RHSA-2010:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0808"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0808.html","reference_id":"RHSA-2010-0808.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0808.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0809","reference_id":"RHSA-2010:0809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0809"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0809.html","reference_id":"RHSA-2010-0809.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0809.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0810","reference_id":"RHSA-2010:0810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0810"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0810.html","reference_id":"RHSA-2010-0810.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0810.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0812","reference_id":"RHSA-2010:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0812"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2010-0812.html","reference_id":"RHSA-2010-0812.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://rhn.redhat.com/errata/RHSA-2010-0812.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0861.html","reference_id":"RHSA-2010-0861.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0861.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0896.html","reference_id":"RHSA-2010-0896.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0896.html"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53","reference_id":"show_bug.cgi?id=607222#c53","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53"},{"reference_url":"http://www.ubuntu.com/usn/usn-1011-1","reference_id":"usn-1011-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.ubuntu.com/usn/usn-1011-1"},{"reference_url":"https://usn.ubuntu.com/1011-1/","reference_id":"USN-1011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1011-1/"},{"reference_url":"https://usn.ubuntu.com/1011-2/","reference_id":"USN-1011-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1011-2/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1011-2","reference_id":"USN-1011-2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.ubuntu.com/usn/USN-1011-2"},{"reference_url":"https://usn.ubuntu.com/1011-3/","reference_id":"USN-1011-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1011-3/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1011-3","reference_id":"USN-1011-3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://www.ubuntu.com/usn/USN-1011-3"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706","reference_id":"viewer.php?l=slackware-security&y=2010&m=slackware-security.556706","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-04T03:55:28Z/"}],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3765"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pvt-4d6d-9yc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155728?format=json","vulnerability_id":"VCID-4q3c-nhva-xyeb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3399","reference_id":"","reference_type":"","scores":[{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.7078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3399"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3399"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q3c-nhva-xyeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=json","vulnerability_id":"VCID-4qcc-z8qp-83e5","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted.  This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.This vulnerability does not affect Firefox 3.6","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0175","reference_id":"","reference_type":"","scores":[{"value":"0.06689","scoring_system":"epss","scoring_elements":"0.91404","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578149","reference_id":"578149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175","reference_id":"CVE-2010-0175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17","reference_id":"mfsa2010-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0175"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qcc-z8qp-83e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2882?format=json","vulnerability_id":"VCID-4tq8-xb5y-yqfk","summary":"Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0066","reference_id":"","reference_type":"","scores":[{"value":"0.05626","scoring_system":"epss","scoring_elements":"0.90501","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0066"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700657","reference_id":"700657","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066","reference_id":"CVE-2011-0066","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13","reference_id":"mfsa2011-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0066"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4tq8-xb5y-yqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2159?format=json","vulnerability_id":"VCID-4v9f-zksv-j7gt","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1200","reference_id":"","reference_type":"","scores":[{"value":"0.04334","scoring_system":"epss","scoring_elements":"0.89101","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1200"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590804","reference_id":"590804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200","reference_id":"CVE-2010-1200","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1200"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1200"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4v9f-zksv-j7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2357?format=json","vulnerability_id":"VCID-4wx4-61y3-j3dr","summary":"Security researcher Bill Keese reported a memory corruption.\nThis is caused by JSDependentString::undepend changing a dependent string into a\nfixed string when there are additional dependent strings relying on the same\nbase. When the undepend occurs during conversion, the base data is freed,\nleaving other dependent strings with dangling pointers. This can lead to a\npotentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1962","reference_id":"","reference_type":"","scores":[{"value":"0.03397","scoring_system":"epss","scoring_elements":"0.87629","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840215","reference_id":"840215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962","reference_id":"CVE-2012-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52","reference_id":"mfsa2012-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1962"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wx4-61y3-j3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2358?format=json","vulnerability_id":"VCID-4xn6-vknf-8ycf","summary":"Security researcher David Bloom of Cue discovered that\n<select> elements are always-on-top chromeless windows and\nthat navigation away from a page with an active <select> menu\ndoes not remove this window.When another menu is opened programmatically on a\nnew page, the original <select> menu can be retained and\narbitrary HTML content within it rendered, allowing an attacker to cover\narbitrary portions of the new page through absolute positioning/scrolling,\nleading to spoofing attacks. Security researcher Jordi Chancel\nfound a variation that would allow for click-jacking attacks was well.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3984","reference_id":"","reference_type":"","scores":[{"value":"0.01951","scoring_system":"epss","scoring_elements":"0.83791","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3984"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616","reference_id":"863616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984","reference_id":"CVE-2012-3984","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-75","reference_id":"mfsa2012-75","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-75"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3984"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xn6-vknf-8ycf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2626?format=json","vulnerability_id":"VCID-4y1m-44s1-4fcb","summary":"Security researcher Guido Landi discovered that a\nXSL stylesheet could be used to crash the browser during a XSL\ntransformation.  An attacker could potentially use this crash to run\narbitrary code on a victim's computer.This vulnerability was also previously reported as a stability\nproblem by Ubuntu community member, Andre.  Ubuntu\ncommunity member Michael Rooney reported Andre's\nfindings to Mozilla, and Mozilla community member Martin\nhelped reduce Andre's original testcase and contributed a patch to fix\nthe vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1169","reference_id":"","reference_type":"","scores":[{"value":"0.37495","scoring_system":"epss","scoring_elements":"0.97272","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=492211","reference_id":"492211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=492211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169","reference_id":"CVE-2009-1169","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-12","reference_id":"mfsa2009-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-12"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt","reference_id":"OSVDB-53079;CVE-2009-1169","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8285.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0397","reference_id":"RHSA-2009:0397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0398","reference_id":"RHSA-2009:0398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0398"},{"reference_url":"https://usn.ubuntu.com/745-1/","reference_id":"USN-745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1169"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4y1m-44s1-4fcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2361?format=json","vulnerability_id":"VCID-51qu-9wp7-9qgr","summary":"An integer overflow in the libpng library can lead to a heap-buffer\noverflow when decompressing certain PNG images. This leads to a\ncrash, which may be potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3026","reference_id":"","reference_type":"","scores":[{"value":"0.43757","scoring_system":"epss","scoring_elements":"0.97596","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=790737","reference_id":"790737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=790737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026","reference_id":"CVE-2011-3026","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11","reference_id":"mfsa2012-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0140","reference_id":"RHSA-2012:0140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0141","reference_id":"RHSA-2012:0141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0142","reference_id":"RHSA-2012:0142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0143","reference_id":"RHSA-2012:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0317","reference_id":"RHSA-2012:0317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0317"},{"reference_url":"https://usn.ubuntu.com/1367-1/","reference_id":"USN-1367-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-1/"},{"reference_url":"https://usn.ubuntu.com/1367-2/","reference_id":"USN-1367-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-2/"},{"reference_url":"https://usn.ubuntu.com/1367-3/","reference_id":"USN-1367-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-3/"},{"reference_url":"https://usn.ubuntu.com/1367-4/","reference_id":"USN-1367-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3026"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51qu-9wp7-9qgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2298?format=json","vulnerability_id":"VCID-51w7-2ypy-tbgq","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1952","reference_id":"","reference_type":"","scores":[{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79921","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1952"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952","reference_id":"CVE-2012-1952","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1952"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51w7-2ypy-tbgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2897?format=json","vulnerability_id":"VCID-5268-56yp-tfb7","summary":"Security researcher Christian Holler reported that\nthe JavaScript engine's internal memory mapping of non-local JS\nvariables contained a buffer overflow which could potentially be used\nby an attacker to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0054","reference_id":"","reference_type":"","scores":[{"value":"0.09158","scoring_system":"epss","scoring_elements":"0.92837","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675091","reference_id":"675091","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054","reference_id":"CVE-2011-0054","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-04","reference_id":"mfsa2011-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0054"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5268-56yp-tfb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=json","vulnerability_id":"VCID-54xd-e1tz-myck","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges.Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1215","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65622","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1215"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615463","reference_id":"615463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215","reference_id":"CVE-2010-1215","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38","reference_id":"mfsa2010-38","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1215"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54xd-e1tz-myck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2648?format=json","vulnerability_id":"VCID-57sy-21d1-pyew","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0352","reference_id":"","reference_type":"","scores":[{"value":"0.08533","scoring_system":"epss","scoring_elements":"0.9253","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483139","reference_id":"483139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352","reference_id":"CVE-2009-0352","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01","reference_id":"mfsa2009-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0352"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57sy-21d1-pyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2903?format=json","vulnerability_id":"VCID-5am8-72dc-8yer","summary":"Mozilla developer Boris Zbarsky reported that a frame\nnamed \"location\" could shadow the window.location object unless a\nscript in a page grabbed a reference to the true object before the frame\nwas created. Because some plugins use the value of window.location to determine\nthe page origin this could fool the plugin into granting the plugin content\naccess to another site or the local file system in violation of the Same Origin\nPolicy. This flaw allows circumvention of the fix added for\nMFSA 2010-10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2999","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72893","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2999"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741904","reference_id":"741904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999","reference_id":"CVE-2011-2999","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38","reference_id":"mfsa2011-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1343","reference_id":"RHSA-2011:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1344","reference_id":"RHSA-2011:1344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1344"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2999"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5am8-72dc-8yer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2220?format=json","vulnerability_id":"VCID-5bux-q44x-mfak","summary":"Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability.  The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created.  When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2752","reference_id":"","reference_type":"","scores":[{"value":"0.07986","scoring_system":"epss","scoring_elements":"0.92231","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615464","reference_id":"615464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752","reference_id":"CVE-2010-2752","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py","reference_id":"CVE-2010-2752","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15104.py"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39","reference_id":"mfsa2010-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2752"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bux-q44x-mfak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2299?format=json","vulnerability_id":"VCID-5cyv-1m27-zfd6","summary":"magicant starmen reported that if a user chooses to\nexport their Firefox Sync key the \"Firefox Recovery Key.html\" file is\nsaved with incorrect permissions, making the file contents potentially\nreadable by other users on Linux and OS X systems.\nFirefox 3.6 is not affected by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0450","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21737","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450","reference_id":"CVE-2012-0450","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-09","reference_id":"mfsa2012-09","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-09"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0450"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cyv-1m27-zfd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2845?format=json","vulnerability_id":"VCID-5dm1-kvut-bbgv","summary":"Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2372","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62813","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741917","reference_id":"741917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372","reference_id":"CVE-2011-2372","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40","reference_id":"mfsa2011-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2372"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dm1-kvut-bbgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2643?format=json","vulnerability_id":"VCID-5ea4-6fsd-n7ax","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2664","reference_id":"","reference_type":"","scores":[{"value":"0.03012","scoring_system":"epss","scoring_elements":"0.86844","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618341","reference_id":"1618341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664","reference_id":"CVE-2009-2664","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2664"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2664"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ea4-6fsd-n7ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2852?format=json","vulnerability_id":"VCID-5edg-w3ju-huem","summary":"Mozilla security researcher moz_bug_r_a4 reported that\nan internal privilege check failed to respect the NoWaiverWrappers introduced\nwith Firefox 4. This could result in elevated privilege being granted to web content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3655","reference_id":"","reference_type":"","scores":[{"value":"0.00939","scoring_system":"epss","scoring_elements":"0.76595","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655","reference_id":"CVE-2011-3655","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-52","reference_id":"mfsa2011-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-52"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3655"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5edg-w3ju-huem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2376?format=json","vulnerability_id":"VCID-5h9x-peth-nufx","summary":"Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found a heap corruption in gfxImageSurface which\nallows for invalid frees and possible remote code execution. This happens due to\nfloat error, resulting from graphics values being passed through different\nnumber systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0470","reference_id":"","reference_type":"","scores":[{"value":"0.05707","scoring_system":"epss","scoring_elements":"0.90578","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0470"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815020","reference_id":"815020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470","reference_id":"CVE-2012-0470","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23","reference_id":"mfsa2012-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0470"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h9x-peth-nufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=json","vulnerability_id":"VCID-5p5c-wgaj-nybv","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0079","reference_id":"","reference_type":"","scores":[{"value":"0.06848","scoring_system":"epss","scoring_elements":"0.91516","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079","reference_id":"CVE-2011-0079","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0079"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5c-wgaj-nybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/233586?format=json","vulnerability_id":"VCID-5pv4-jtn7-97eu","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2007-2436"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pv4-jtn7-97eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=json","vulnerability_id":"VCID-5qnz-z32b-67hs","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0053","reference_id":"","reference_type":"","scores":[{"value":"0.03206","scoring_system":"epss","scoring_elements":"0.8725","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675082","reference_id":"675082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053","reference_id":"CVE-2011-0053","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01","reference_id":"mfsa2011-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0312","reference_id":"RHSA-2011:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0313","reference_id":"RHSA-2011:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0313"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0053"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qnz-z32b-67hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2175?format=json","vulnerability_id":"VCID-5qv8-552b-j3hn","summary":"Security researcher Ilja van Sprundel of IOActive\nreported that the Content-Disposition: attachment HTTP\nheader was ignored when Content-Type: multipart was also\npresent.  This issue could potentially lead to XSS problems in sites\nthat allow users to upload arbitrary files and specify a Content-Type\nbut rely on Content-Disposition: attachment to prevent\nthe content from being displayed inline.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1197","reference_id":"","reference_type":"","scores":[{"value":"0.01032","scoring_system":"epss","scoring_elements":"0.77688","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590850","reference_id":"590850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197","reference_id":"CVE-2010-1197","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1197"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-32","reference_id":"mfsa2010-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1197"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qv8-552b-j3hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2441?format=json","vulnerability_id":"VCID-5rcy-z5xh-xuc2","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4062","reference_id":"","reference_type":"","scores":[{"value":"0.0291","scoring_system":"epss","scoring_elements":"0.86633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463201","reference_id":"463201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062","reference_id":"CVE-2008-4062","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4062"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4062"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5rcy-z5xh-xuc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2217?format=json","vulnerability_id":"VCID-5sbu-sc2m-b3eg","summary":"Security researcher Marc Schoenefeld reported that\na specially crafted font could be applied to a document and cause a\ncrash on Mac systems.  The crash showed signs of memory corruption and\npresumably could be used by an attacker to execute arbitrary code on a\nvictim's computer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2770","reference_id":"","reference_type":"","scores":[{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86688","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770","reference_id":"CVE-2010-2770","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-58","reference_id":"mfsa2010-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-58"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2770"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5sbu-sc2m-b3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2434?format=json","vulnerability_id":"VCID-5udv-bgsq-aqah","summary":"Security researcher David Bloom reported that the\nbrowser's session restore feature can be used to violate the\nsame-origin policy and run JavaScript in the context of another site.\nAny otherwise unexploitable crash can be used to force the user into the\nsession restore state Mozilla security researcher moz_bug_r_a4 demonstrated that\nthis vulnerability could also be used by an attacker to run arbitrary\nJavaScript with chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5019","reference_id":"","reference_type":"","scores":[{"value":"0.12823","scoring_system":"epss","scoring_elements":"0.94158","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5019"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470889","reference_id":"470889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019","reference_id":"CVE-2008-5019","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5019"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-53","reference_id":"mfsa2008-53","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5019"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5udv-bgsq-aqah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2433?format=json","vulnerability_id":"VCID-5v21-5ssf-2kf5","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities in feedWriter which allow scripts from page\ncontent to run with chrome privileges.Firefox 3 is not affected by this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3836","reference_id":"","reference_type":"","scores":[{"value":"0.02943","scoring_system":"epss","scoring_elements":"0.86702","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3836"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463188","reference_id":"463188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836","reference_id":"CVE-2008-3836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3836"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-39","reference_id":"mfsa2008-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-39"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-3836"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5v21-5ssf-2kf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2303?format=json","vulnerability_id":"VCID-5xa3-eyb5-j7bw","summary":"Mozilla community member Matias Juntunen discovered an error\nin WebGLBuffer where FindMaxElementInSubArray receives wrong template arguments\nfrom FindMaxUshortElement. This bug causes maximum index to be computed\nincorrectly within WebGL.drawElements, allowing the reading of illegal video\nmemory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0473","reference_id":"","reference_type":"","scores":[{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72658","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815023","reference_id":"815023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473","reference_id":"CVE-2012-0473","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26","reference_id":"mfsa2012-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0473"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xa3-eyb5-j7bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2681?format=json","vulnerability_id":"VCID-615z-2kke-63cz","summary":"Bjoern Hoehrmann and security researcher Moxie\nMarlinspike independently reported\nthat Unicode box drawing characters were allowed in Internationalized\nDomain Names (IDN) where they could be visually confused with\npunctuation used in valid web addresses.  This could be combined with\na phishing-type scam to trick a victim into thinking they were on a\ndifferent website than they actually were.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0652","reference_id":"","reference_type":"","scores":[{"value":"0.02133","scoring_system":"epss","scoring_elements":"0.845","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=486704","reference_id":"486704","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=486704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652","reference_id":"CVE-2009-0652","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-15","reference_id":"mfsa2009-15","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0652"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-615z-2kke-63cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2315?format=json","vulnerability_id":"VCID-64br-yc5f-wygx","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4216","reference_id":"","reference_type":"","scores":[{"value":"0.04114","scoring_system":"epss","scoring_elements":"0.88808","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4216"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216","reference_id":"CVE-2012-4216","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4216"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64br-yc5f-wygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58901?format=json","vulnerability_id":"VCID-64mt-9155-tkbv","summary":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389","reference_id":"","reference_type":"","scores":[{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88361","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389"},{"reference_url":"https://curl.se/docs/CVE-2011-3389.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2011-3389.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","reference_id":"737506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506"},{"reference_url":"https://security.gentoo.org/glsa/201111-02","reference_id":"GLSA-201111-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201111-02"},{"reference_url":"https://security.gentoo.org/glsa/201203-02","reference_id":"GLSA-201203-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-02"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1380","reference_id":"RHSA-2011:1380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1384","reference_id":"RHSA-2011:1384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0006","reference_id":"RHSA-2012:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0034","reference_id":"RHSA-2012:0034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0343","reference_id":"RHSA-2012:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0508","reference_id":"RHSA-2012:0508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://usn.ubuntu.com/1263-1/","reference_id":"USN-1263-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1263-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3389"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64mt-9155-tkbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2815?format=json","vulnerability_id":"VCID-65f1-zvsa-xqgg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2989","reference_id":"","reference_type":"","scores":[{"value":"0.06835","scoring_system":"epss","scoring_elements":"0.91505","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989","reference_id":"CVE-2011-2989","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2989"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2989"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65f1-zvsa-xqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2473?format=json","vulnerability_id":"VCID-6e9x-84kp-n7ce","summary":"Security researcher Chris Evans reported an error\nin the method used to parse the default namespace in an E4X document.\nThe error was caused by quote characters in the namespace not being\nproperly escaped.  The severity of this issue was determined to be\nlow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5024","reference_id":"","reference_type":"","scores":[{"value":"0.07219","scoring_system":"epss","scoring_elements":"0.91757","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5024"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470902","reference_id":"470902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024","reference_id":"CVE-2008-5024","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-58","reference_id":"mfsa2008-58","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5024"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e9x-84kp-n7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2481?format=json","vulnerability_id":"VCID-6hd5-6f4p-akb4","summary":"Perl developer Chip Salzenberg reported that\ncertain control characters, when placed at the beginning of a URL,\nwould lead to incorrect parsing resulting in a malformed URL being\noutput by the parser.  IBM researchers Justin Schuh,\nTom Cross, and Peter William also\nreported a related symptom as part of their research that resulted in\nMFSA 2008-37.\n\nThere was no direct security impact from this issue and its effect\nwas limited to the improper rendering of hyperlinks containing\nspecific characters.  The severity of this issue was determined to be\nlow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5508","reference_id":"","reference_type":"","scores":[{"value":"0.02182","scoring_system":"epss","scoring_elements":"0.84667","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5508"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476281","reference_id":"476281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508","reference_id":"CVE-2008-5508","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5508"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-66","reference_id":"mfsa2008-66","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5508"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hd5-6f4p-akb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2140?format=json","vulnerability_id":"VCID-6kcv-fk1f-x7ez","summary":"Mozilla developer Blake Kaplan reported that the\nwrapper class XPCSafeJSObjectWrapper (SJOW), a security\nwrapper that allows content-defined objects to be safely accessed by\nprivileged code, creates scope chains ending in outer objects.  Users\nof SJOWs which expect the scope chain to end on an inner object may be\nhanded a chrome privileged object which could be leveraged to run\narbitrary JavaScript with chrome privileges.Michal Zalewski's recent contributions helped to\nidentify this architectural weakness.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2762.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2762","reference_id":"","reference_type":"","scores":[{"value":"0.0174","scoring_system":"epss","scoring_elements":"0.82854","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2762"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630071","reference_id":"630071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762","reference_id":"CVE-2010-2762","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2762"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-59","reference_id":"mfsa2010-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-59"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2762"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kcv-fk1f-x7ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2145?format=json","vulnerability_id":"VCID-6ndf-9s4u-qfen","summary":"Security researcher Gregory Fleischer reported\nthat when a Java LiveConnect script was loaded via\na data: URL which redirects via a meta refresh, then the\nresulting plugin object was created with the wrong security principal\nand thus received elevated privileges such as the abilities to read\nlocal files, launch processes, and create network connections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3775","reference_id":"","reference_type":"","scores":[{"value":"0.03473","scoring_system":"epss","scoring_elements":"0.87766","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660422","reference_id":"660422","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775","reference_id":"CVE-2010-3775","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-79","reference_id":"mfsa2010-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3775"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ndf-9s4u-qfen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2868?format=json","vulnerability_id":"VCID-6pcu-ba9e-bqb5","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2376","reference_id":"","reference_type":"","scores":[{"value":"0.02371","scoring_system":"epss","scoring_elements":"0.85248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376","reference_id":"CVE-2011-2376","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2376"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2376"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pcu-ba9e-bqb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2404?format=json","vulnerability_id":"VCID-6ux3-jruj-xkfq","summary":"Security researcher Mariusz Mlynski reported that when a\npage opens a new tab, a subsequent window can then be opened that can be\nnavigated to about:newtab, a chrome privileged page. Once\nabout:newtab is loaded, the special context can potentially be used\nto escalate privilege, allowing for arbitrary code execution on the local system\nin a maliciously crafted attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3965","reference_id":"","reference_type":"","scores":[{"value":"0.01126","scoring_system":"epss","scoring_elements":"0.7863","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851916","reference_id":"851916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965","reference_id":"CVE-2012-3965","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3965"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-60","reference_id":"mfsa2012-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-60"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3965"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ux3-jruj-xkfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2186?format=json","vulnerability_id":"VCID-6vby-kb9g-r7ey","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a nsDOMAttribute\nnode can be modified without informing the iterator object responsible\nfor various DOM traversals.  This flaw could lead to a inconsistent\nstate where the iterator points to an object it believes is part of\nthe DOM but actually points to some other object.  If such an object\nhad been deleted and its memory reclaimed by the system, then the\niterator could be used to call into attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3766","reference_id":"","reference_type":"","scores":[{"value":"0.07145","scoring_system":"epss","scoring_elements":"0.91703","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660429","reference_id":"660429","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766","reference_id":"CVE-2010-3766","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-80","reference_id":"mfsa2010-80","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-80"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3766"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vby-kb9g-r7ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2184?format=json","vulnerability_id":"VCID-6wb2-shx3-jqgk","summary":"Security researcher Nils of MWR InfoSecurity\nreported that the routine for setting the text value for certain types\nof DOM nodes contained an integer overflow vulnerability.  When a very\nlong string was passed to this routine, the integer value used in\ncreating a new memory buffer to hold the string would overflow,\nresulting in too small a buffer being allocated.  An attacker could\nuse this vulnerability to write data past the end of the buffer,\ncausing a crash and potentially running arbitrary code on a victim's\ncomputer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1196","reference_id":"","reference_type":"","scores":[{"value":"0.05226","scoring_system":"epss","scoring_elements":"0.90122","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590830","reference_id":"590830","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196","reference_id":"CVE-2010-1196","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1196"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-29","reference_id":"mfsa2010-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wb2-shx3-jqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2246?format=json","vulnerability_id":"VCID-6ysw-nweg-vkau","summary":"Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4193","reference_id":"","reference_type":"","scores":[{"value":"0.01406","scoring_system":"epss","scoring_elements":"0.80812","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4193"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=865215","reference_id":"865215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=865215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193","reference_id":"CVE-2012-4193","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89","reference_id":"mfsa2012-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1361","reference_id":"RHSA-2012:1361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1362","reference_id":"RHSA-2012:1362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1362"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4193"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ysw-nweg-vkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2214?format=json","vulnerability_id":"VCID-76de-mqmg-vqgw","summary":"Mozilla developers identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0159","reference_id":"","reference_type":"","scores":[{"value":"0.02476","scoring_system":"epss","scoring_elements":"0.85555","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566047","reference_id":"566047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159","reference_id":"CVE-2010-0159","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-01","reference_id":"mfsa2010-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0159"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76de-mqmg-vqgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2253?format=json","vulnerability_id":"VCID-76yr-a59q-u3f3","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4180","reference_id":"","reference_type":"","scores":[{"value":"0.09485","scoring_system":"epss","scoring_elements":"0.9298","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180","reference_id":"CVE-2012-4180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4180"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76yr-a59q-u3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2243?format=json","vulnerability_id":"VCID-785g-4bq9-afc4","summary":"Security researcher Mariusz Mlynski reported that an\nattacker able to convince a potential victim to set a new home page by dragging\na link to the \"home\" button can set that user's home page to a\njavascript: URL. Once this is done the attacker's page can cause\nrepeated crashes of the browser, eventually getting the script URL loaded in the\nprivileged about:sessionrestore context.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0458.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0458","reference_id":"","reference_type":"","scores":[{"value":"0.02067","scoring_system":"epss","scoring_elements":"0.84247","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0458"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803113","reference_id":"803113","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458","reference_id":"CVE-2012-0458","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0458"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16","reference_id":"mfsa2012-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0458"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-785g-4bq9-afc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2350?format=json","vulnerability_id":"VCID-78na-3u18-xfag","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1970","reference_id":"","reference_type":"","scores":[{"value":"0.00873","scoring_system":"epss","scoring_elements":"0.75594","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1970"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851909","reference_id":"851909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970","reference_id":"CVE-2012-1970","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57","reference_id":"mfsa2012-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1970"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78na-3u18-xfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2859?format=json","vulnerability_id":"VCID-7e5b-9pc6-ybey","summary":"Security researcher Paul Stone reported that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history.Firefox 4 was not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0067","reference_id":"","reference_type":"","scores":[{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.67178","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700644","reference_id":"700644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067","reference_id":"CVE-2011-0067","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14","reference_id":"mfsa2011-14","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0067"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7e5b-9pc6-ybey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2153?format=json","vulnerability_id":"VCID-7k5r-vr13-f7e8","summary":"Microsoft Vulnerability Research reported that two\nplugin instances could interact in a way in which one plugin gets a\nreference to an object owned by a second plugin and continues to hold\nthat reference after the second plugin is unloaded and its object is\ndestroyed.  In these cases, the first plugin would contain a pointer\nto freed memory which, if accessed, could be used by an attacker to\nexecute arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1198.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1198","reference_id":"","reference_type":"","scores":[{"value":"0.05287","scoring_system":"epss","scoring_elements":"0.90182","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1198"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590828","reference_id":"590828","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198","reference_id":"CVE-2010-1198","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1198"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-28","reference_id":"mfsa2010-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1198"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5r-vr13-f7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2150?format=json","vulnerability_id":"VCID-7kav-ywtp-1fdw","summary":"Dirk Heinrich reported that on Windows platforms\nwhen document.write() was called with a very long string\na buffer overflow was caused in line breaking routines attempting to\nprocess the string for display.  Such cases triggered an invalid read\npast the end of an array causing a crash which an attacker could\npotentially use to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3769","reference_id":"","reference_type":"","scores":[{"value":"0.08397","scoring_system":"epss","scoring_elements":"0.92465","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769","reference_id":"CVE-2010-3769","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-75","reference_id":"mfsa2010-75","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3769"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kav-ywtp-1fdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2654?format=json","vulnerability_id":"VCID-7kkw-nz5m-nqg3","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3981.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3981","reference_id":"","reference_type":"","scores":[{"value":"0.04649","scoring_system":"epss","scoring_elements":"0.89482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3981"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546713","reference_id":"546713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981","reference_id":"CVE-2009-3981","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3981"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3981"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kkw-nz5m-nqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2447?format=json","vulnerability_id":"VCID-7n2t-5a6v-37hr","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in\nnsXMLHttpRequest::NotifyEventListeners() could be\nbypassed. This vulnerability could be used to execute JavaScript in\nthe context of a different website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5022","reference_id":"","reference_type":"","scores":[{"value":"0.13446","scoring_system":"epss","scoring_elements":"0.94332","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470895","reference_id":"470895","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022","reference_id":"CVE-2008-5022","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-56","reference_id":"mfsa2008-56","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5022"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7n2t-5a6v-37hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2664?format=json","vulnerability_id":"VCID-7ns3-vfk2-jqbs","summary":"An anonymous researcher, via TippingPoint's Zero Day Initiative\nprogram, reported a vulnerability in Mozilla's garbage collection\nprocess.  The vulnerability was caused by improper memory management\nof a set of cloned XUL DOM elements which were linked as a parent and\nchild.  After reloading the browser on a page with such linked\nelements, the browser would crash when attempting to access an object\nwhich was already destroyed.  An attacker could use this crash to run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0775","reference_id":"","reference_type":"","scores":[{"value":"0.06585","scoring_system":"epss","scoring_elements":"0.91326","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488287","reference_id":"488287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775","reference_id":"CVE-2009-0775","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-08","reference_id":"mfsa2009-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0775"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ns3-vfk2-jqbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150871?format=json","vulnerability_id":"VCID-7qyd-jcdw-suge","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1828","reference_id":"","reference_type":"","scores":[{"value":"0.15887","scoring_system":"epss","scoring_elements":"0.94873","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1828"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html","reference_id":"OSVDB-56406;CVE-2009-1828","reference_type":"exploit","scores":[],"url":"http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt","reference_id":"OSVDB-56406;CVE-2009-1828","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8822.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1828"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qyd-jcdw-suge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2864?format=json","vulnerability_id":"VCID-7rwb-wtw8-wqhz","summary":"Independent security researcher Kuza55 and\nMicrosoft security researcher Tom Gallagher reported\nthat when plugin-initiated requests receive a 307 redirect response,\nthe plugin is not notified and the request is forwarded to the new\nlocation.  This is true even for cross-site redirects, so any custom\nheaders that were added as part of the initial request would be\nforwarded intact across origins.  This poses a CSRF risk for web\napplications that rely on custom headers only being present in\nrequests from their own origin.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0059","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45743","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0059"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=681369","reference_id":"681369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=681369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059","reference_id":"CVE-2011-0059","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-10","reference_id":"mfsa2011-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0313","reference_id":"RHSA-2011:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0313"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0059"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rwb-wtw8-wqhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2250?format=json","vulnerability_id":"VCID-7tk5-9u1x-nkbj","summary":"Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to \"top\". This can allow for possible cross-site scripting (XSS) attacks through plugins. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4209","reference_id":"","reference_type":"","scores":[{"value":"0.02065","scoring_system":"epss","scoring_elements":"0.84241","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877632","reference_id":"877632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209","reference_id":"CVE-2012-4209","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103","reference_id":"mfsa2012-103","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4209"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tk5-9u1x-nkbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=json","vulnerability_id":"VCID-84nu-2fbp-qqc3","summary":"Security researcher Evgeny Legerov of Intevydis\nreported that the WOFF decoder contains an integer overflow in a\nfont decompression routine.  This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font.  An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system.Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1028","reference_id":"","reference_type":"","scores":[{"value":"0.09896","scoring_system":"epss","scoring_elements":"0.93146","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1028"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566596","reference_id":"566596","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566596"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085","reference_id":"787085","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028","reference_id":"CVE-2010-1028","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-08","reference_id":"mfsa2010-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1028"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84nu-2fbp-qqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2673?format=json","vulnerability_id":"VCID-84tr-6hzu-hycc","summary":"Mozilla contributor Masahiro Yamada reported that\ncertain invisible control characters were being decoded when displayed\nin the location bar, resulting in fewer visible characters than were\npresent in the actual location.  An attacker could use this\nvulnerability to spoof the location bar and display a misleading URL\nfor their malicious web page.The initial version of this advisory incorrectly listed\nThunderbird and SeaMonkey as affected products. Firefox is the only\nproduct affected by this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0777","reference_id":"","reference_type":"","scores":[{"value":"0.02024","scoring_system":"epss","scoring_elements":"0.84095","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488292","reference_id":"488292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488292"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777","reference_id":"CVE-2009-0777","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-11","reference_id":"mfsa2009-11","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0777"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84tr-6hzu-hycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=json","vulnerability_id":"VCID-8611-tzyq-e7b3","summary":"Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content.  This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0182","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80075","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=586580","reference_id":"586580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=586580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182","reference_id":"CVE-2010-0182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24","reference_id":"mfsa2010-24","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0182"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8611-tzyq-e7b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2488?format=json","vulnerability_id":"VCID-8739-h7f2-tqe7","summary":"Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed.  The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped.  This issue could potentially be used to bypass naive script filtering and used in an XSS attack.  This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4066","reference_id":"","reference_type":"","scores":[{"value":"0.01204","scoring_system":"epss","scoring_elements":"0.79273","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4066"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463243","reference_id":"463243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463243"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066","reference_id":"CVE-2008-4066","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43","reference_id":"mfsa2008-43","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4066"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8739-h7f2-tqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2323?format=json","vulnerability_id":"VCID-87rg-y5r7-gfe8","summary":"Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting (XSS) attack through the context menu using a\ndata: URL. In this issue, context menu functionality (\"View Image\", \"Show only this frame\", and \"View background image\") are disallowed in a javascript: URL but allowed in a data: URL, allowing for XSS. This can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1966","reference_id":"","reference_type":"","scores":[{"value":"0.01351","scoring_system":"epss","scoring_elements":"0.80429","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840207","reference_id":"840207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966","reference_id":"CVE-2012-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46","reference_id":"mfsa2012-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1966"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87rg-y5r7-gfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2904?format=json","vulnerability_id":"VCID-892p-jjxp-b3ch","summary":"Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3002","reference_id":"","reference_type":"","scores":[{"value":"0.0159","scoring_system":"epss","scoring_elements":"0.81969","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002","reference_id":"CVE-2011-3002","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41","reference_id":"mfsa2011-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3002"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-892p-jjxp-b3ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2296?format=json","vulnerability_id":"VCID-8bbr-kv7e-ubdy","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1954","reference_id":"","reference_type":"","scores":[{"value":"0.05001","scoring_system":"epss","scoring_elements":"0.89883","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1954"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954","reference_id":"CVE-2012-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1954"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bbr-kv7e-ubdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2160?format=json","vulnerability_id":"VCID-8erf-ppv3-s3hp","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1201","reference_id":"","reference_type":"","scores":[{"value":"0.04587","scoring_system":"epss","scoring_elements":"0.89414","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=608108","reference_id":"608108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=608108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201","reference_id":"CVE-2010-1201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1201"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1201"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8erf-ppv3-s3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2192?format=json","vulnerability_id":"VCID-8fvy-p898-quf1","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3175","reference_id":"","reference_type":"","scores":[{"value":"0.03233","scoring_system":"epss","scoring_elements":"0.8731","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642275","reference_id":"642275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175","reference_id":"CVE-2010-3175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3175"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fvy-p898-quf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=json","vulnerability_id":"VCID-8nnr-7fr7-gbc6","summary":"phpBB developer Henry Sudhof reported that when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched.  This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0181","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.85999","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181","reference_id":"CVE-2010-0181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23","reference_id":"mfsa2010-23","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0181"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nnr-7fr7-gbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2345?format=json","vulnerability_id":"VCID-8nve-6ct9-p3hr","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3964","reference_id":"","reference_type":"","scores":[{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84478","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964","reference_id":"CVE-2012-3964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3964"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nve-6ct9-p3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2286?format=json","vulnerability_id":"VCID-8p74-crdm-a3hr","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5842.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5842","reference_id":"","reference_type":"","scores":[{"value":"0.01105","scoring_system":"epss","scoring_elements":"0.78432","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5842"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877614","reference_id":"877614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842","reference_id":"CVE-2012-5842","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91","reference_id":"mfsa2012-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5842"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8p74-crdm-a3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2493?format=json","vulnerability_id":"VCID-8ruf-tyrh-wyea","summary":"An anonymous security researcher reported via TippingPoint's Zero\nDay Initiative that insufficient checks were being performed to test\nwhether the Flash module was properly dynamically unloaded.\nThe researcher demonstrated that a SWF file which dynamically unloads\nitself from an outside JavaScript function can cause the browser to access\na memory address no longer mapped to the Flash module, resulting in a\ncrash.  This crash could be used by an attacker to run arbitrary code\non a victim's computer.Firefox 3 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5013","reference_id":"","reference_type":"","scores":[{"value":"0.2392","scoring_system":"epss","scoring_elements":"0.96128","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470867","reference_id":"470867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013","reference_id":"CVE-2008-5013","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-49","reference_id":"mfsa2008-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5013"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ruf-tyrh-wyea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2436?format=json","vulnerability_id":"VCID-8s9w-1fdt-zqf3","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5016","reference_id":"","reference_type":"","scores":[{"value":"0.21255","scoring_system":"epss","scoring_elements":"0.95786","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470881","reference_id":"470881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016","reference_id":"CVE-2008-5016","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5016"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52","reference_id":"mfsa2008-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5016"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s9w-1fdt-zqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2199?format=json","vulnerability_id":"VCID-8th4-qk1v-m3f1","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3777","reference_id":"","reference_type":"","scores":[{"value":"0.06912","scoring_system":"epss","scoring_elements":"0.91555","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660415","reference_id":"660415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777","reference_id":"CVE-2010-3777","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74","reference_id":"mfsa2010-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0969","reference_id":"RHSA-2010:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0969"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3777"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8th4-qk1v-m3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118753?format=json","vulnerability_id":"VCID-8tqt-thhv-puhw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0071","reference_id":"","reference_type":"","scores":[{"value":"0.10859","scoring_system":"epss","scoring_elements":"0.9351","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0071"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html","reference_id":"OSVDB-52657;CVE-2009-0071","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8091.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0071"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tqt-thhv-puhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2682?format=json","vulnerability_id":"VCID-8w8b-971x-aqhb","summary":"Mozilla security researcher moz_bug_r_a4 reported\na series of vulnerabilities in which objects that normally receive\na XPCCrossOriginWrapper are constructed without the\nwrapper.  This can lead to cases where JavaScript from one website may\nunsafely access properties of such an object which had been set by a\ndifferent website.  A malicious website could use this vulnerability\nto launch a XSS attack and run arbitrary JavaScript within the context\nof another site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2472","reference_id":"","reference_type":"","scores":[{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512147","reference_id":"512147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472","reference_id":"CVE-2009-2472","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2472"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-40","reference_id":"mfsa2009-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2472"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8w8b-971x-aqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2283?format=json","vulnerability_id":"VCID-8wdc-cdyz-9qea","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4188.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4188","reference_id":"","reference_type":"","scores":[{"value":"0.52507","scoring_system":"epss","scoring_elements":"0.97988","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4188"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188","reference_id":"CVE-2012-4188","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4188"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wdc-cdyz-9qea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2245?format=json","vulnerability_id":"VCID-8xap-v6vg-vyaq","summary":"Bugzilla developer Frédéric Buclin reported that the\n\"X-Frame-Options header is ignored when the value is duplicated,\nfor example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This\nduplication occurs for unknown reasons on some websites and when it occurs\nresults in Mozilla browsers not being protected against possible clickjacking\nattacks on those pages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1961","reference_id":"","reference_type":"","scores":[{"value":"0.01172","scoring_system":"epss","scoring_elements":"0.79024","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840214","reference_id":"840214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961","reference_id":"CVE-2012-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51","reference_id":"mfsa2012-51","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1961"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xap-v6vg-vyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2832?format=json","vulnerability_id":"VCID-8zvx-szzh-cubm","summary":"Yosuke Hasegawa reported that the Mozilla browser engine\nmishandled invalid sequences in the Shift-JIS encoding. When encountering an\ninvalid pair Mozilla would turn the entire two-byte sequence into a single\nunknown character rather than an unknown character followed by a valid\nsingle-byte character. On some sites attackers may have been able to\nend their input with the first byte of a two byte sequence; when that\ninput was later put into a page context it might cause the following\ndelimiter (such as a double-quote) to be consumed, breaking the format\nof the page.  Depending on the page this could potentially be used to\nsteal data or inject script into the page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3648","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56878","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3648"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751932","reference_id":"751932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648","reference_id":"CVE-2011-3648","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47","reference_id":"mfsa2011-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1437","reference_id":"RHSA-2011:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1438","reference_id":"RHSA-2011:1438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1439","reference_id":"RHSA-2011:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1440","reference_id":"RHSA-2011:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1440"},{"reference_url":"https://usn.ubuntu.com/1251-1/","reference_id":"USN-1251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1251-1/"},{"reference_url":"https://usn.ubuntu.com/1254-1/","reference_id":"USN-1254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1254-1/"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3648"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zvx-szzh-cubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2333?format=json","vulnerability_id":"VCID-913y-fp3u-dqd2","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1973.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1973","reference_id":"","reference_type":"","scores":[{"value":"0.04246","scoring_system":"epss","scoring_elements":"0.88978","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973","reference_id":"CVE-2012-1973","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1973"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-913y-fp3u-dqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2846?format=json","vulnerability_id":"VCID-962z-cq1v-jqg3","summary":"Mariusz Mlynski reported that if you could convince\na user to hold down the Enter key--as part of a game or test,\nperhaps--a malicious page could pop up a download dialog where the held\nkey would then activate the default Open action. For some file types this\nwould be merely annoying (the equivalent of a pop-up) but other file\ntypes have powerful scripting capabilities. And this would provide an\navenue for an attacker to exploit a vulnerability in applications not\nnormally exposed to potentially hostile internet content.\nMariusz also reported a similar flaw with manual plugin installation\nusing the PLUGINSPAGE attribute. It was possible to create\nan internal error that suppressed a confirmation dialog, such that holding\nenter would lead to the installation of an arbitrary add-on. (This variant\ndid not affect Firefox 3.6)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3001","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4202","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001","reference_id":"CVE-2011-3001","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40","reference_id":"mfsa2011-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-40"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3001"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-962z-cq1v-jqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2183?format=json","vulnerability_id":"VCID-9b97-rcfn-fyhh","summary":"Security researcher Alexander Miller reported that\npassing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3179","reference_id":"","reference_type":"","scores":[{"value":"0.22551","scoring_system":"epss","scoring_elements":"0.9595","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642277","reference_id":"642277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179","reference_id":"CVE-2010-3179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html","reference_id":"CVE-2010-3179;OSVDB-68850","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html"},{"reference_url":"https://www.securityfocus.com/bid/44247/info","reference_id":"CVE-2010-3179;OSVDB-68850","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/44247/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65","reference_id":"mfsa2010-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3179"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9b97-rcfn-fyhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2176?format=json","vulnerability_id":"VCID-9d6f-k4cg-57gt","summary":"Google security researcher Chris Evans reported\nthat data can be read across domains by injecting bogus CSS selectors\ninto a target site and then retrieving the data using JavaScript APIs.\nIf an attacker can inject opening and closing portions of a CSS\nselector into points A and B of a target page, then the region between\nthe two injection points becomes readable to JavaScript through, for\nexample, the getComputedStyle() API.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0654","reference_id":"","reference_type":"","scores":[{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72472","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=568231","reference_id":"568231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=568231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654","reference_id":"CVE-2010-0654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46","reference_id":"mfsa2010-46","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0654"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d6f-k4cg-57gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2438?format=json","vulnerability_id":"VCID-9hn6-ug7p-akc9","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5018","reference_id":"","reference_type":"","scores":[{"value":"0.20193","scoring_system":"epss","scoring_elements":"0.95617","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5018"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470884","reference_id":"470884","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018","reference_id":"CVE-2008-5018","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52","reference_id":"mfsa2008-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5018"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hn6-ug7p-akc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2471?format=json","vulnerability_id":"VCID-9hzm-uexa-n7gc","summary":"ling and wushi of team509, via\nTippingPoint's Zero Day Initiative program, reported a flaw in part of\nMozilla's DOM constructing code.  This vulnerability can be exploited\nby modifying certain properties of a file input element before it has\nfinished initializing.  When the blur method of the\nmodified input element is called, uninitialized memory is accessed by\nthe browser, resulting in a crash.  This crash may be used by an\nattacker to run arbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5021","reference_id":"","reference_type":"","scores":[{"value":"0.23762","scoring_system":"epss","scoring_elements":"0.96105","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5021"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470894","reference_id":"470894","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021","reference_id":"CVE-2008-5021","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-55","reference_id":"mfsa2008-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5021"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzm-uexa-n7gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116610?format=json","vulnerability_id":"VCID-9jbk-g322-zfbj","summary":"firefox 3.5 various flaws","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2479","reference_id":"","reference_type":"","scores":[{"value":"0.11193","scoring_system":"epss","scoring_elements":"0.93639","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228","reference_id":"511228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html","reference_id":"OSVDB-55931;CVE-2009-2479","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2479"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jbk-g322-zfbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2669?format=json","vulnerability_id":"VCID-9kfx-ukhq-hbee","summary":"Web developer Cefn Hoile reported that sites which\nallow users to embed third-party stylesheets are vulnerable to script\ninjection attacks using XBL bindings.  While this behavior was\ndocumented previously, it was determined that this particular risk was\nnot well-understood by some websites.  To mitigate this risk Mozilla\nadded a restriction that requires XBL bindings to come from the same\norigin as the bound document.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1308","reference_id":"","reference_type":"","scores":[{"value":"0.01099","scoring_system":"epss","scoring_elements":"0.78376","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1308"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496266","reference_id":"496266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308","reference_id":"CVE-2009-1308","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-18","reference_id":"mfsa2009-18","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1308"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kfx-ukhq-hbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2378?format=json","vulnerability_id":"VCID-9kga-83c7-q3g5","summary":"Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the \"~\" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4207","reference_id":"","reference_type":"","scores":[{"value":"0.01278","scoring_system":"epss","scoring_elements":"0.79904","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4207"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877629","reference_id":"877629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207","reference_id":"CVE-2012-4207","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101","reference_id":"mfsa2012-101","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4207"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kga-83c7-q3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116627?format=json","vulnerability_id":"VCID-9ktj-zqhz-cbac","summary":"Thunderbird mail crash","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2210","reference_id":"","reference_type":"","scores":[{"value":"0.05533","scoring_system":"epss","scoring_elements":"0.90417","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=507812","reference_id":"507812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=507812"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1134","reference_id":"RHSA-2009:1134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2210"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ktj-zqhz-cbac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2838?format=json","vulnerability_id":"VCID-9nau-7u2c-x7e7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2378.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2378","reference_id":"","reference_type":"","scores":[{"value":"0.04955","scoring_system":"epss","scoring_elements":"0.89834","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2378"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730521","reference_id":"730521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378","reference_id":"CVE-2011-2378","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1166","reference_id":"RHSA-2011:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1166"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2378"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nau-7u2c-x7e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2406?format=json","vulnerability_id":"VCID-9q39-smj2-gyee","summary":"Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5836","reference_id":"","reference_type":"","scores":[{"value":"0.01381","scoring_system":"epss","scoring_elements":"0.80618","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5836"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877617","reference_id":"877617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836","reference_id":"CVE-2012-5836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94","reference_id":"mfsa2012-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-94"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5836"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9q39-smj2-gyee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2687?format=json","vulnerability_id":"VCID-9stf-3cns-4fcz","summary":"Security researcher Gregory Fleischer reported\nthat when an Adobe Flash file is loaded via\nthe view-source: scheme, the Flash plugin misinterprets\nthe origin of the content as localhost, leading to two specific\nvulnerabilities:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1307","reference_id":"","reference_type":"","scores":[{"value":"0.01373","scoring_system":"epss","scoring_elements":"0.80571","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1307"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496263","reference_id":"496263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307","reference_id":"CVE-2009-1307","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17","reference_id":"mfsa2009-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1307"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9stf-3cns-4fcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2831?format=json","vulnerability_id":"VCID-9u32-fj4a-hffq","summary":"Security researcher Martin Barbella reported that\nunder certain conditions, viewing a XUL document while JavaScript was\ndisabled caused deleted memory to be accessed.  This flaw could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.XUL document support was disabled by default in\nFirefox 4 and SeaMonkey 2.1 and users of those versions are not generally\nat risk. It is possible for add-ons to re-enable the feature for specific\nsites (for example, to support a legacy intranet XUL application) which would\nhave introduced this vulnerability while browsing those sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2373","reference_id":"","reference_type":"","scores":[{"value":"0.03792","scoring_system":"epss","scoring_elements":"0.88284","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2373"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714577","reference_id":"714577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373","reference_id":"CVE-2011-2373","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-20","reference_id":"mfsa2011-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2373"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-fj4a-hffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2209?format=json","vulnerability_id":"VCID-9uc4-jfm8-jybw","summary":"Security researcher Eduardo Vela Nava reported that\nif a web page opened a new window and used a javascript: URL to make a\nmodal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow.  This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another web site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3178","reference_id":"","reference_type":"","scores":[{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.75323","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642294","reference_id":"642294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178","reference_id":"CVE-2010-3178","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69","reference_id":"mfsa2010-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3178"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uc4-jfm8-jybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2415?format=json","vulnerability_id":"VCID-a1cw-ujv7-gka5","summary":"Mozilla security researcher moz_bug_r_a4 reported\nan additional variation on the feed preview vulnerabilities\nfixed in Firefox 2.0.0.17.\nmoz_bug_r_a4 demonstrated that it was still possible to\nuse the feed preview as a vector for JavaScript privilege escalation.\nAn attacker could use this issue to run arbitrary JavaScript with\nchrome privileges.Firefox 3 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5504","reference_id":"","reference_type":"","scores":[{"value":"0.03153","scoring_system":"epss","scoring_elements":"0.87142","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5504"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476273","reference_id":"476273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504","reference_id":"CVE-2008-5504","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-62","reference_id":"mfsa2008-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5504"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1cw-ujv7-gka5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=json","vulnerability_id":"VCID-a391-hcqz-p3ax","summary":"Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0065","reference_id":"","reference_type":"","scores":[{"value":"0.83259","scoring_system":"epss","scoring_elements":"0.99284","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700658","reference_id":"700658","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065","reference_id":"CVE-2011-0065","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html","reference_id":"CVE-2011-0065;OSVDB-72085","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13","reference_id":"mfsa2011-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0065"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a391-hcqz-p3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2384?format=json","vulnerability_id":"VCID-a3yp-gt8d-9qaw","summary":"Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. \nAdditional vulnerable DLL file names were found and fixed in Firefox 18.0, Firefox ESR 17.0.1, and Firefox ESR 10.0.12 releases.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4206","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37377","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206","reference_id":"CVE-2012-4206","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98","reference_id":"mfsa2012-98","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4206"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yp-gt8d-9qaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2236?format=json","vulnerability_id":"VCID-a6qz-skp8-23d9","summary":"Mozilla security researcher moz_bug_r_a4 reported a\narbitrary code execution attack using a javascript: URL. The Gecko\nengine features a JavaScript sandbox utility that allows the browser or add-ons\nto safely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and run with\nelevated privilege. This can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1967","reference_id":"","reference_type":"","scores":[{"value":"0.03399","scoring_system":"epss","scoring_elements":"0.87631","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840259","reference_id":"840259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840259"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967","reference_id":"CVE-2012-1967","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56","reference_id":"mfsa2012-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1967"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6qz-skp8-23d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2489?format=json","vulnerability_id":"VCID-a7t4-4g1x-guhw","summary":"Mozilla developer Jesse Ruderman demonstrated that\nby tampering with the window.__proto__.__proto__ object,\none can cause the browser to place a lock on a non-native object,\nleading to a crash. Although we have not demonstrated such control, a\ndetermined attacker might be able to exploit this crash to run\narbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5014","reference_id":"","reference_type":"","scores":[{"value":"0.25205","scoring_system":"epss","scoring_elements":"0.96295","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5014"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470873","reference_id":"470873","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014","reference_id":"CVE-2008-5014","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-50","reference_id":"mfsa2008-50","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5014"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7t4-4g1x-guhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2592?format=json","vulnerability_id":"VCID-a81r-cxqq-vqf6","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2462","reference_id":"","reference_type":"","scores":[{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.8773","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512128","reference_id":"512128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462","reference_id":"CVE-2009-2462","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2462"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2462"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a81r-cxqq-vqf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2895?format=json","vulnerability_id":"VCID-a9m3-2rfb-97cg","summary":"Security researcher Jordi Chancel reported that a\nJPEG image could be constructed that would be decoded incorrectly,\ncausing data to be written past the end of a buffer created to store\nthe image.  An attacker could potentially craft such an image that\nwould cause malicious code to be stored in memory and then later\nexecuted on a victim's computer.Firefox 3.5 was not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0061","reference_id":"","reference_type":"","scores":[{"value":"0.03978","scoring_system":"epss","scoring_elements":"0.88606","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675095","reference_id":"675095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061","reference_id":"CVE-2011-0061","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-09","reference_id":"mfsa2011-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0061"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9m3-2rfb-97cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2830?format=json","vulnerability_id":"VCID-acdp-mkw5-nkcc","summary":"Alex Miller reported that when very long strings\nwere constructed and inserted into an HTML document, the browser would\nincorrectly construct the layout objects used to display the text.\nUnder such conditions an incorrect length would be calculated for a\ntext run resulting in too small of a memory buffer being allocated to\nstore the text.  This issue could be used by an attacker to write data\npast the end of the buffer and execute malicious code on a victim's\ncomputer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0058","reference_id":"","reference_type":"","scores":[{"value":"0.07784","scoring_system":"epss","scoring_elements":"0.92109","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675143","reference_id":"675143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058","reference_id":"CVE-2011-0058","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-07","reference_id":"mfsa2011-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0058"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-acdp-mkw5-nkcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2398?format=json","vulnerability_id":"VCID-aegd-w8q3-9ket","summary":"Anne van Kesteren of Opera Software found a \nmulti-octet encoding issue where certain octets will destroy the following\noctets in the processing of some multibyte character sets. This can leave users\nvulnerable to cross-site scripting (XSS) attacks on maliciously crafted web\npages.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0471","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72885","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0471"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815021","reference_id":"815021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471","reference_id":"CVE-2012-0471","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24","reference_id":"mfsa2012-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0471"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aegd-w8q3-9ket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151058?format=json","vulnerability_id":"VCID-aekn-dts5-2yfw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2065","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53568","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2065"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2065"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aekn-dts5-2yfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2362?format=json","vulnerability_id":"VCID-af68-fxsm-1kbn","summary":"Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4202","reference_id":"","reference_type":"","scores":[{"value":"0.03493","scoring_system":"epss","scoring_elements":"0.87809","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877615","reference_id":"877615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202","reference_id":"CVE-2012-4202","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92","reference_id":"mfsa2012-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-92"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4202"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-af68-fxsm-1kbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=json","vulnerability_id":"VCID-afs1-nyna-2khz","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2753","reference_id":"","reference_type":"","scores":[{"value":"0.04086","scoring_system":"epss","scoring_elements":"0.88769","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615466","reference_id":"615466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753","reference_id":"CVE-2010-2753","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40","reference_id":"mfsa2010-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54","reference_id":"mfsa2010-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2753"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afs1-nyna-2khz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2147?format=json","vulnerability_id":"VCID-ag56-4pye-f7e5","summary":"Mozilla developer Josh Soref of Nokia reported that\ndocuments failed to call certain security checks when attempting to\npreload images.  Although the image content is not available to the page, it\nis possible to specify protocols that are normally not allowed in a web page\nsuch as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something like a\nCross-Site Request Forgery (CSRF) attack against the add-on. Potential severity\nwould depend on the add-ons installed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0168","reference_id":"","reference_type":"","scores":[{"value":"0.12288","scoring_system":"epss","scoring_elements":"0.93994","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168","reference_id":"CVE-2010-0168","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html","reference_id":"CVE-2010-0168;OSVDB-63269","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33798.html"},{"reference_url":"https://www.securityfocus.com/bid/38927/info","reference_id":"CVE-2010-0168;OSVDB-63269","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/38927/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-13","reference_id":"mfsa2010-13","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0168"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ag56-4pye-f7e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2179?format=json","vulnerability_id":"VCID-aj2z-mctb-jke9","summary":"Security researcher Hidetake Jo of Microsoft\nVulnerability Research reported that the properties set on an object\npassed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain.  This is a violation of the same-origin policy and could\nresult in a website running untrusted JavaScript if it assumed\nthe dialogArguments could not be initialized by another\nsite.An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3988","reference_id":"","reference_type":"","scores":[{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60914","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566051","reference_id":"566051","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566051"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988","reference_id":"CVE-2009-3988","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-04","reference_id":"mfsa2010-04","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3988"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aj2z-mctb-jke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2896?format=json","vulnerability_id":"VCID-akcd-7vmy-2ubj","summary":"Security researcher Zach Hoffman reported that a\nrecursive call to eval() wrapped in\na try/catch statement places the browser into a\ninconsistent state.  Any dialog box opened in this state is displayed\nwithout text and with non-functioning buttons.  Closing the window\ncauses the dialog to evaluate to true.  An attacker could use this\nissue to force a user into accepting any dialog, such as one granting\nelevated privileges to the page presenting the dialog.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0051.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0051","reference_id":"","reference_type":"","scores":[{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76747","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675087","reference_id":"675087","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051","reference_id":"CVE-2011-0051","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-02","reference_id":"mfsa2011-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0312","reference_id":"RHSA-2011:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0313","reference_id":"RHSA-2011:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0313"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0051"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akcd-7vmy-2ubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2834?format=json","vulnerability_id":"VCID-apmt-rypt-jqej","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2982","reference_id":"","reference_type":"","scores":[{"value":"0.02496","scoring_system":"epss","scoring_elements":"0.85596","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730518","reference_id":"730518","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982","reference_id":"CVE-2011-2982","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1165","reference_id":"RHSA-2011:1165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1166","reference_id":"RHSA-2011:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1167","reference_id":"RHSA-2011:1167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1167"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2982"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apmt-rypt-jqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2899?format=json","vulnerability_id":"VCID-aptj-btqv-2ygb","summary":"Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document.  While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1585","reference_id":"","reference_type":"","scores":[{"value":"0.01466","scoring_system":"epss","scoring_elements":"0.8123","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675094","reference_id":"675094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585","reference_id":"CVE-2010-1585","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-08","reference_id":"mfsa2011-08","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1585"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aptj-btqv-2ygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2889?format=json","vulnerability_id":"VCID-aqsc-b3nk-9kb4","summary":"Security researcher Christian Holler reported that\nthe JavaScript engine's internal mapping of string values contained an\nerror in cases where the number of values being stored was above 64K.\nIn such cases an offset pointer was manually moved forwards and\nbackwards to access the larger address space.  If an exception was\nthrown between the time that the offset pointer was moved forward and\nthe time it was reset, then the exception object would be read from an\ninvalid memory address, potentially executing attacker-controlled\nmemory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0056","reference_id":"","reference_type":"","scores":[{"value":"0.09158","scoring_system":"epss","scoring_elements":"0.92837","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0056"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675092","reference_id":"675092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056","reference_id":"CVE-2011-0056","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-05","reference_id":"mfsa2011-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0056"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqsc-b3nk-9kb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2594?format=json","vulnerability_id":"VCID-as3a-uscx-c3bb","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2465","reference_id":"","reference_type":"","scores":[{"value":"0.03426","scoring_system":"epss","scoring_elements":"0.8768","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512135","reference_id":"512135","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465","reference_id":"CVE-2009-2465","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2465"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2465"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-as3a-uscx-c3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2393?format=json","vulnerability_id":"VCID-atr8-vv1p-2ffp","summary":"Mozilla security researcher Mark Goodwin discovered an issue\nwith the Firefox developer tools' debugger. If remote debugging is disabled, but\nthe experimental HTTPMonitor extension has been installed and enabled, a remote\nuser can connect to and use the remote debugging service through the port used\nby HTTPMonitor. A remote-enabled flag has been added to resolve\nthis problem and close the port unless debugging is explicitly enabled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3973.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3973","reference_id":"","reference_type":"","scores":[{"value":"0.03046","scoring_system":"epss","scoring_elements":"0.86934","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851925","reference_id":"851925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973","reference_id":"CVE-2012-3973","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3973"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-66","reference_id":"mfsa2012-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-66"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3973"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atr8-vv1p-2ffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=json","vulnerability_id":"VCID-atus-ryef-17h1","summary":"Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue.  Firefox 3 does not contain the fix for this issue.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"},{"reference_url":"http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"},{"reference_url":"http://blogs.iss.net/archive/sslmitmiscsrf.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://blogs.iss.net/archive/sslmitmiscsrf.html"},{"reference_url":"http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"},{"reference_url":"http://clicky.me/tlsvuln","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://clicky.me/tlsvuln"},{"reference_url":"http://extendedsubset.com/?p=8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://extendedsubset.com/?p=8"},{"reference_url":"http://extendedsubset.com/Renegotiating_TLS.pdf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://extendedsubset.com/Renegotiating_TLS.pdf"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"},{"reference_url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"},{"reference_url":"http://kbase.redhat.com/faq/docs/DOC-20491","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://kbase.redhat.com/faq/docs/DOC-20491"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"},{"reference_url":"http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"},{"reference_url":"http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=126150535619567&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=126150535619567&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127128920008563&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=127128920008563&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127419602507642&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=127419602507642&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127557596201693&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=127557596201693&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=130497311408250&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=130497311408250&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132077688910227&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=132077688910227&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2"},{"reference_url":"http://marc.info/?l=cryptography&m=125752275331877&w=2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://marc.info/?l=cryptography&m=125752275331877&w=2"},{"reference_url":"http://openbsd.org/errata45.html#010_openssl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://openbsd.org/errata45.html#010_openssl"},{"reference_url":"http://openbsd.org/errata46.html#004_openssl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://openbsd.org/errata46.html#004_openssl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1579","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1694","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0011","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0130","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0162","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0164","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0165","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0167","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0337","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0338","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0339","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0408","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0440","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0768","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0770","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0786","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0807","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0865","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0986","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0987","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0880","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2009-3555"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"0.03741","scoring_system":"epss","scoring_elements":"0.88216","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3555"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=526689","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=526689"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=545755","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=545755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=533125","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=533125"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=50325","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=50325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"},{"reference_url":"http://seclists.org/fulldisclosure/2009/Nov/139","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://seclists.org/fulldisclosure/2009/Nov/139"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200912-01.xml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://security.gentoo.org/glsa/glsa-200912-01.xml"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201203-22.xml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://security.gentoo.org/glsa/glsa-201203-22.xml"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54158","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5"},{"reference_url":"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d"},{"reference_url":"https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3"},{"reference_url":"https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701"},{"reference_url":"https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02"},{"reference_url":"https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3"},{"reference_url":"https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d"},{"reference_url":"https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366"},{"reference_url":"https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"},{"reference_url":"https://kb.bluecoat.com/index?page=content&id=SA50","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://kb.bluecoat.com/index?page=content&id=SA50"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446"},{"reference_url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535"},{"reference_url":"https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"},{"reference_url":"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"},{"reference_url":"http://support.apple.com/kb/HT4004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.apple.com/kb/HT4004"},{"reference_url":"http://support.apple.com/kb/HT4170","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.apple.com/kb/HT4170"},{"reference_url":"http://support.apple.com/kb/HT4171","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.apple.com/kb/HT4171"},{"reference_url":"http://support.avaya.com/css/P8/documents/100070150","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100070150"},{"reference_url":"http://support.avaya.com/css/P8/documents/100081611","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100081611"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114315","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114315"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114327","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.avaya.com/css/P8/documents/100114327"},{"reference_url":"http://support.citrix.com/article/CTX123359","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.citrix.com/article/CTX123359"},{"reference_url":"http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"},{"reference_url":"http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"},{"reference_url":"http://sysoev.ru/nginx/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://sysoev.ru/nginx/patch.cve-2009-3555.txt"},{"reference_url":"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"},{"reference_url":"http://ubuntu.com/usn/usn-923-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://ubuntu.com/usn/usn-923-1"},{"reference_url":"http://wiki.rpath.com/Advisories:rPSA-2009-0155","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://wiki.rpath.com/Advisories:rPSA-2009-0155"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21426108","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21426108"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21432298","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21432298"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025312","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025312"},{"reference_url":"http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only"},{"reference_url":"http://www.arubanetworks.com/support/alerts/aid-020810.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.arubanetworks.com/support/alerts/aid-020810.txt"},{"reference_url":"http://www.betanews.com/article/1257452450","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.betanews.com/article/1257452450"},{"reference_url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"},{"reference_url":"http://www.debian.org/security/2009/dsa-1934","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.debian.org/security/2009/dsa-1934"},{"reference_url":"http://www.debian.org/security/2011/dsa-2141","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.debian.org/security/2011/dsa-2141"},{"reference_url":"http://www.debian.org/security/2015/dsa-3253","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.debian.org/security/2015/dsa-3253"},{"reference_url":"http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"},{"reference_url":"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"},{"reference_url":"http://www.ietf.org/mail-archive/web/tls/current/msg03948.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"},{"reference_url":"http://www.ingate.com/Relnote.php?ver=481","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ingate.com/Relnote.php?ver=481"},{"reference_url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"},{"reference_url":"http://www.kb.cert.org/vuls/id/120541","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.kb.cert.org/vuls/id/120541"},{"reference_url":"http://www.links.org/?p=780","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.links.org/?p=780"},{"reference_url":"http://www.links.org/?p=786","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.links.org/?p=786"},{"reference_url":"http://www.links.org/?p=789","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.links.org/?p=789"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:089","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"},{"reference_url":"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"},{"reference_url":"http://www.openoffice.org/security/cves/CVE-2009-3555.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openoffice.org/security/cves/CVE-2009-3555.html"},{"reference_url":"http://www.openssl.org/news/secadv_20091111.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openssl.org/news/secadv_20091111.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/05/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/05/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/05/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/05/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/06/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/06/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/07/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/07/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/20/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/23/10","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2009/11/23/10"},{"reference_url":"http://www.opera.com/docs/changelogs/unix/1060","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.opera.com/docs/changelogs/unix/1060"},{"reference_url":"http://www.opera.com/support/search/view/944","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.opera.com/support/search/view/944"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"},{"reference_url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0130.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0130.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0155.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0155.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0165.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0165.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0167.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0167.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0337.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0337.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0338.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0338.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0339.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0339.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0768.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0768.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0770.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0770.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0786.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0786.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0807.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0807.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0865.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0865.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0986.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0986.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0987.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0987.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0880.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2011-0880.html"},{"reference_url":"http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"},{"reference_url":"http://www.tombom.co.uk/blog/?p=85","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.tombom.co.uk/blog/?p=85"},{"reference_url":"http://www.ubuntu.com/usn/USN-1010-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-1010-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-927-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-927-4"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.ubuntu.com/usn/USN-927-5"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-222A.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-222A.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-287A.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-287A.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2010-0019.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vmware.com/security/advisories/VMSA-2010-0019.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0032","reference_id":"0032","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0032"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0033","reference_id":"0033","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0033"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0086","reference_id":"0086","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0086"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0086","reference_id":"0086","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0086"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0173","reference_id":"0173","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0173"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0748","reference_id":"0748","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0748"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0848","reference_id":"0848","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0848"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0916","reference_id":"0916","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0916"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0933","reference_id":"0933","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0933"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0982","reference_id":"0982","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0982"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0994","reference_id":"0994","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/0994"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1054","reference_id":"1054","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1054"},{"reference_url":"http://www.opera.com/docs/changelogs/unix/1060/","reference_id":"1060","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.opera.com/docs/changelogs/unix/1060/"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1191","reference_id":"1191","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1191"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1350","reference_id":"1350","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1350"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1639","reference_id":"1639","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1639"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1673","reference_id":"1673","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1673"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1793","reference_id":"1793","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/1793"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2010","reference_id":"2010","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2010"},{"reference_url":"http://www.vupen.com/english/advisories/2010/2745","reference_id":"2745","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/2745"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3069","reference_id":"3069","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3069"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3086","reference_id":"3086","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3086"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3126","reference_id":"3126","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3126"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3164","reference_id":"3164","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3164"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3165","reference_id":"3165","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3165"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3205","reference_id":"3205","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3205"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3220","reference_id":"3220","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3220"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3310","reference_id":"3310","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3310"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3313","reference_id":"3313","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3313"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3353","reference_id":"3353","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3353"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3354","reference_id":"3354","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3354"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3484","reference_id":"3484","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3484"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3521","reference_id":"3521","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3521"},{"reference_url":"http://www.vupen.com/english/advisories/2009/3587","reference_id":"3587","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.vupen.com/english/advisories/2009/3587"},{"reference_url":"http://www.securityfocus.com/bid/36935","reference_id":"36935","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/bid/36935"},{"reference_url":"http://secunia.com/advisories/37291","reference_id":"37291","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37291"},{"reference_url":"http://secunia.com/advisories/37292","reference_id":"37292","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37292"},{"reference_url":"http://secunia.com/advisories/37320","reference_id":"37320","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37320"},{"reference_url":"http://secunia.com/advisories/37383","reference_id":"37383","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37383"},{"reference_url":"http://secunia.com/advisories/37399","reference_id":"37399","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37399"},{"reference_url":"http://secunia.com/advisories/37453","reference_id":"37453","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37453"},{"reference_url":"http://secunia.com/advisories/37501","reference_id":"37501","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37501"},{"reference_url":"http://secunia.com/advisories/37504","reference_id":"37504","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37504"},{"reference_url":"http://secunia.com/advisories/37604","reference_id":"37604","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37604"},{"reference_url":"http://secunia.com/advisories/37640","reference_id":"37640","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37640"},{"reference_url":"http://secunia.com/advisories/37656","reference_id":"37656","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37656"},{"reference_url":"http://secunia.com/advisories/37675","reference_id":"37675","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37675"},{"reference_url":"http://secunia.com/advisories/37859","reference_id":"37859","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/37859"},{"reference_url":"http://secunia.com/advisories/38003","reference_id":"38003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38003"},{"reference_url":"http://secunia.com/advisories/38020","reference_id":"38020","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38020"},{"reference_url":"http://secunia.com/advisories/38056","reference_id":"38056","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38056"},{"reference_url":"http://secunia.com/advisories/38241","reference_id":"38241","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38241"},{"reference_url":"http://secunia.com/advisories/38484","reference_id":"38484","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38484"},{"reference_url":"http://secunia.com/advisories/38687","reference_id":"38687","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38687"},{"reference_url":"http://secunia.com/advisories/38781","reference_id":"38781","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/38781"},{"reference_url":"http://secunia.com/advisories/39127","reference_id":"39127","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39127"},{"reference_url":"http://secunia.com/advisories/39136","reference_id":"39136","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39136"},{"reference_url":"http://secunia.com/advisories/39242","reference_id":"39242","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39242"},{"reference_url":"http://secunia.com/advisories/39243","reference_id":"39243","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39243"},{"reference_url":"http://secunia.com/advisories/39278","reference_id":"39278","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39278"},{"reference_url":"http://secunia.com/advisories/39292","reference_id":"39292","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39292"},{"reference_url":"http://secunia.com/advisories/39317","reference_id":"39317","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39317"},{"reference_url":"http://secunia.com/advisories/39461","reference_id":"39461","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39461"},{"reference_url":"http://secunia.com/advisories/39500","reference_id":"39500","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39500"},{"reference_url":"http://secunia.com/advisories/39628","reference_id":"39628","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39628"},{"reference_url":"http://secunia.com/advisories/39632","reference_id":"39632","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39632"},{"reference_url":"http://secunia.com/advisories/39713","reference_id":"39713","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39713"},{"reference_url":"http://secunia.com/advisories/39819","reference_id":"39819","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/39819"},{"reference_url":"http://secunia.com/advisories/40070","reference_id":"40070","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40070"},{"reference_url":"http://secunia.com/advisories/40545","reference_id":"40545","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40545"},{"reference_url":"http://secunia.com/advisories/40747","reference_id":"40747","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40747"},{"reference_url":"http://secunia.com/advisories/40866","reference_id":"40866","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/40866"},{"reference_url":"http://secunia.com/advisories/41480","reference_id":"41480","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41480"},{"reference_url":"http://secunia.com/advisories/41490","reference_id":"41490","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41490"},{"reference_url":"http://secunia.com/advisories/41818","reference_id":"41818","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41818"},{"reference_url":"http://secunia.com/advisories/41967","reference_id":"41967","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41967"},{"reference_url":"http://secunia.com/advisories/41972","reference_id":"41972","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/41972"},{"reference_url":"http://secunia.com/advisories/42377","reference_id":"42377","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42377"},{"reference_url":"http://secunia.com/advisories/42379","reference_id":"42379","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42379"},{"reference_url":"http://secunia.com/advisories/42467","reference_id":"42467","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42467"},{"reference_url":"http://secunia.com/advisories/42724","reference_id":"42724","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42724"},{"reference_url":"http://secunia.com/advisories/42733","reference_id":"42733","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42733"},{"reference_url":"http://secunia.com/advisories/42808","reference_id":"42808","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42808"},{"reference_url":"http://secunia.com/advisories/42811","reference_id":"42811","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42811"},{"reference_url":"http://secunia.com/advisories/42816","reference_id":"42816","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/42816"},{"reference_url":"http://secunia.com/advisories/43308","reference_id":"43308","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/43308"},{"reference_url":"http://secunia.com/advisories/44954","reference_id":"44954","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/44954"},{"reference_url":"http://secunia.com/advisories/48577","reference_id":"48577","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://secunia.com/advisories/48577"},{"reference_url":"http://www.securityfocus.com/archive/1/522176","reference_id":"522176","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/522176"},{"reference_url":"http://osvdb.org/60521","reference_id":"60521","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/60521"},{"reference_url":"http://osvdb.org/60972","reference_id":"60972","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/60972"},{"reference_url":"http://osvdb.org/62210","reference_id":"62210","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/62210"},{"reference_url":"http://osvdb.org/65202","reference_id":"65202","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://osvdb.org/65202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649","reference_id":"765649","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649"},{"reference_url":"http://www.opera.com/support/search/view/944/","reference_id":"944","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.opera.com/support/search/view/944/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py","reference_id":"CVE-2009-3555","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt","reference_id":"CVE-2009-3555;OSVDB-59970","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt"},{"reference_url":"https://www.securityfocus.com/bid/35888/info","reference_id":"CVE-2009-3555;OSVDB-59970","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35888/info"},{"reference_url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E","reference_id":"f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6","reference_id":"GHSA-f7w7-6pjc-wwm6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6"},{"reference_url":"https://security.gentoo.org/glsa/200912-01","reference_id":"GLSA-200912-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-01"},{"reference_url":"https://security.gentoo.org/glsa/201006-18","reference_id":"GLSA-201006-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-18"},{"reference_url":"https://security.gentoo.org/glsa/201110-05","reference_id":"GLSA-201110-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-05"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"},{"reference_url":"https://security.gentoo.org/glsa/201206-18","reference_id":"GLSA-201206-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-18"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201309-15","reference_id":"GLSA-201309-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-15"},{"reference_url":"https://security.gentoo.org/glsa/201311-13","reference_id":"GLSA-201311-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-13"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"http://securitytracker.com/id?1023148","reference_id":"id?1023148","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://securitytracker.com/id?1023148"},{"reference_url":"http://www.securitytracker.com/id?1023163","reference_id":"id?1023163","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023163"},{"reference_url":"http://www.securitytracker.com/id?1023204","reference_id":"id?1023204","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023204"},{"reference_url":"http://www.securitytracker.com/id?1023205","reference_id":"id?1023205","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023205"},{"reference_url":"http://www.securitytracker.com/id?1023206","reference_id":"id?1023206","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023206"},{"reference_url":"http://www.securitytracker.com/id?1023207","reference_id":"id?1023207","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023207"},{"reference_url":"http://www.securitytracker.com/id?1023208","reference_id":"id?1023208","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023208"},{"reference_url":"http://www.securitytracker.com/id?1023209","reference_id":"id?1023209","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023209"},{"reference_url":"http://www.securitytracker.com/id?1023210","reference_id":"id?1023210","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023210"},{"reference_url":"http://www.securitytracker.com/id?1023211","reference_id":"id?1023211","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023211"},{"reference_url":"http://www.securitytracker.com/id?1023212","reference_id":"id?1023212","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023212"},{"reference_url":"http://www.securitytracker.com/id?1023213","reference_id":"id?1023213","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023213"},{"reference_url":"http://www.securitytracker.com/id?1023214","reference_id":"id?1023214","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023214"},{"reference_url":"http://www.securitytracker.com/id?1023215","reference_id":"id?1023215","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023215"},{"reference_url":"http://www.securitytracker.com/id?1023216","reference_id":"id?1023216","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023216"},{"reference_url":"http://www.securitytracker.com/id?1023217","reference_id":"id?1023217","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023217"},{"reference_url":"http://www.securitytracker.com/id?1023218","reference_id":"id?1023218","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023218"},{"reference_url":"http://www.securitytracker.com/id?1023219","reference_id":"id?1023219","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023219"},{"reference_url":"http://www.securitytracker.com/id?1023224","reference_id":"id?1023224","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023224"},{"reference_url":"http://www.securitytracker.com/id?1023243","reference_id":"id?1023243","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023243"},{"reference_url":"http://www.securitytracker.com/id?1023270","reference_id":"id?1023270","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023270"},{"reference_url":"http://www.securitytracker.com/id?1023271","reference_id":"id?1023271","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023271"},{"reference_url":"http://www.securitytracker.com/id?1023272","reference_id":"id?1023272","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023272"},{"reference_url":"http://www.securitytracker.com/id?1023273","reference_id":"id?1023273","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023273"},{"reference_url":"http://www.securitytracker.com/id?1023274","reference_id":"id?1023274","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023274"},{"reference_url":"http://www.securitytracker.com/id?1023275","reference_id":"id?1023275","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023275"},{"reference_url":"http://www.securitytracker.com/id?1023411","reference_id":"id?1023411","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023411"},{"reference_url":"http://www.securitytracker.com/id?1023426","reference_id":"id?1023426","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023426"},{"reference_url":"http://www.securitytracker.com/id?1023427","reference_id":"id?1023427","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023427"},{"reference_url":"http://www.securitytracker.com/id?1023428","reference_id":"id?1023428","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1023428"},{"reference_url":"http://www.securitytracker.com/id?1024789","reference_id":"id?1024789","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securitytracker.com/id?1024789"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22","reference_id":"mfsa2010-22","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A10088","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A11578","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A11617","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A7315","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A7478","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A7973","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A8366","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A8535","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"},{"reference_url":"http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html","reference_id":"plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"},{"reference_url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E","reference_id":"re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/archive/1/507952/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/507952/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/508075/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/508075/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/508130/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/508130/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/515055/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/515055/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-27T15:38:52Z/"}],"url":"http://www.securityfocus.com/archive/1/516397/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/1010-1/","reference_id":"USN-1010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1010-1/"},{"reference_url":"https://usn.ubuntu.com/860-1/","reference_id":"USN-860-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/860-1/"},{"reference_url":"https://usn.ubuntu.com/923-1/","reference_id":"USN-923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/923-1/"},{"reference_url":"https://usn.ubuntu.com/927-1/","reference_id":"USN-927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-1/"},{"reference_url":"https://usn.ubuntu.com/927-4/","reference_id":"USN-927-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-4/"},{"reference_url":"https://usn.ubuntu.com/927-6/","reference_id":"USN-927-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-6/"},{"reference_url":"https://usn.ubuntu.com/990-1/","reference_id":"USN-990-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/990-1/"},{"reference_url":"https://usn.ubuntu.com/990-2/","reference_id":"USN-990-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/990-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3555","GHSA-f7w7-6pjc-wwm6","VU#120541"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2367?format=json","vulnerability_id":"VCID-avt8-7dua-tyey","summary":"For historical reasons Firefox has been generous in its interpretation of web\naddresses containing square brackets around the host. If this host was not a\nvalid IPv6 literal address, Firefox attempted to interpret the host as a regular\ndomain name. Gregory Fleischer reported that requests made\nusing IPv6 syntax using XMLHttpRequest objects through a proxy may generate\nerrors depending on proxy configuration for IPv6. The resulting error messages\nfrom the proxy may disclose sensitive data because Same-Origin Policy (SOP) will\nallow the XMLHttpRequest object to read these error messages, allowing user\nprivacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that\nmay break links written using the non-standard Firefox-only forms that were\npreviously accepted.\nThis was fixed previously for Firefox 7.0, Thunderbird 7.0, and\nSeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during\n2012.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3670","reference_id":"","reference_type":"","scores":[{"value":"0.00725","scoring_system":"epss","scoring_elements":"0.72943","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=785464","reference_id":"785464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=785464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670","reference_id":"CVE-2011-3670","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02","reference_id":"mfsa2012-02","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0084","reference_id":"RHSA-2012:0084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0085","reference_id":"RHSA-2012:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0085"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3670"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avt8-7dua-tyey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=json","vulnerability_id":"VCID-b3f8-xs54-x3hm","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1971","reference_id":"","reference_type":"","scores":[{"value":"0.02146","scoring_system":"epss","scoring_elements":"0.84545","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851908","reference_id":"851908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971","reference_id":"CVE-2012-1971","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57","reference_id":"mfsa2012-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-57"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1971"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3f8-xs54-x3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2132?format=json","vulnerability_id":"VCID-b5d8-xmt5-n3fk","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit.  This reference could subsequently be accessed, potentially\ncausing the execution of attacker controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1208","reference_id":"","reference_type":"","scores":[{"value":"0.01551","scoring_system":"epss","scoring_elements":"0.81748","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615458","reference_id":"615458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615458"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208","reference_id":"CVE-2010-1208","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35","reference_id":"mfsa2010-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1208"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5d8-xmt5-n3fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=json","vulnerability_id":"VCID-b757-b3zk-c7d8","summary":"OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng.  A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers.  When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer.  This could result in the\nexecution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1205","reference_id":"","reference_type":"","scores":[{"value":"0.14816","scoring_system":"epss","scoring_elements":"0.94633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=608238","reference_id":"608238","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=608238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205","reference_id":"CVE-2010-1205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c","reference_id":"CVE-2010-1205","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1205","reference_id":"CVE-2010-1205","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1205"},{"reference_url":"https://security.gentoo.org/glsa/201010-01","reference_id":"GLSA-201010-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201010-01"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201412-08","reference_id":"GLSA-201412-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-08"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41","reference_id":"mfsa2010-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0534","reference_id":"RHSA-2010:0534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"},{"reference_url":"https://usn.ubuntu.com/960-1/","reference_id":"USN-960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1205"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b757-b3zk-c7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2356?format=json","vulnerability_id":"VCID-bacb-nrmv-bkhf","summary":"Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. This crash may be potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3966","reference_id":"","reference_type":"","scores":[{"value":"0.03664","scoring_system":"epss","scoring_elements":"0.88097","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851918","reference_id":"851918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966","reference_id":"CVE-2012-3966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-61","reference_id":"mfsa2012-61","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3966"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bacb-nrmv-bkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2603?format=json","vulnerability_id":"VCID-bchr-4frg-pkcd","summary":"Mozilla security researcher moz_bug_r_a4 reported\na vulnerability which allows scripts from page content to run with\nelevated privileges.  Using this vulnerability, an attacker could\ncause a chrome privileged object, such as the browser sidebar or the\nFeedWriter, to interact with web content in such a way that attacker\ncontrolled code may be executed with the object's chrome\nprivileges.Thunderbird supports neither the sidebar nor\nBrowserFeedWriter objects and is not vulnerable in its default\nconfiguration. Thunderbird might be vulnerable if the user has installed\nany add-on which adds a similarly implemented feature and then enables\nJavaScript in mail messages.  This is not the default setting and we\nstrongly discourage users from running JavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1841","reference_id":"","reference_type":"","scores":[{"value":"0.04241","scoring_system":"epss","scoring_elements":"0.8897","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1841"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503583","reference_id":"503583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841","reference_id":"CVE-2009-1841","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32","reference_id":"mfsa2009-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1841"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bchr-4frg-pkcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2412?format=json","vulnerability_id":"VCID-beq8-87ps-zqfn","summary":"Security researchers Jordi Chancel and Eddy\nBordi reported that they could short-circuit page loads to show the\naddress of a different site than what is loaded in the window in the addressbar.\nSecurity researcher Chris McGowen independently reported the\nsame flaw, and further demonstrated that this could lead to loading scripts from\nthe attacker's site, leaving users vulnerable to cross-site scripting (XSS)\nattacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0474","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72069","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815024","reference_id":"815024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474","reference_id":"CVE-2012-0474","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27","reference_id":"mfsa2012-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0474"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-beq8-87ps-zqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2360?format=json","vulnerability_id":"VCID-bs57-6fkx-67gd","summary":"Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4210","reference_id":"","reference_type":"","scores":[{"value":"0.03834","scoring_system":"epss","scoring_elements":"0.88366","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877633","reference_id":"877633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210","reference_id":"CVE-2012-4210","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104","reference_id":"mfsa2012-104","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4210"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bs57-6fkx-67gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2324?format=json","vulnerability_id":"VCID-bsex-hp53-7kd7","summary":"Mozilla developer Bobby Holley found that same-compartment\nsecurity wrappers (SCSW) can be bypassed by passing them to another compartment.\nCross-compartment wrappers often do not go through SCSW, but have a filtering\npolicy built into them. When an object is wrapped cross-compartment, the SCSW is\nstripped off and, when the object is read read back, it is not known that SCSW\nwas previously present, resulting in a bypassing of SCSW. This could result in\nuntrusted content having access to the XBL that implements browser\nfunctionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1959","reference_id":"","reference_type":"","scores":[{"value":"0.0093","scoring_system":"epss","scoring_elements":"0.76479","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1959"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840212","reference_id":"840212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959","reference_id":"CVE-2012-1959","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49","reference_id":"mfsa2012-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1959"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsex-hp53-7kd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2374?format=json","vulnerability_id":"VCID-bt99-t9ek-nqg1","summary":"Security researcher Daniel Divricean reported that a defect\nin the error handling of javascript errors can leak the file names and location\nof javascript files on a server, leading to inadvertent information disclosure\nand a vector for further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1187","reference_id":"","reference_type":"","scores":[{"value":"0.00891","scoring_system":"epss","scoring_elements":"0.75912","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187","reference_id":"815187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187","reference_id":"CVE-2011-1187","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1187"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32","reference_id":"mfsa2012-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-1187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bt99-t9ek-nqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2615?format=json","vulnerability_id":"VCID-bthe-736u-bqct","summary":"Mozilla add-on developer and community member Wladimir\nPalant reported broken functionality on pages that had a\nLink: HTTP header when an add-on was installed\nwhich implemented a Content Policy in JavaScript, such\nas AdBlock Plus or NoScript.  Mozilla security\nresearcher moz_bug_r_a4 demonstrated that the broken\nfunctionality was due to the window's global object\nreceiving an incorrect security wrapper and that this issue could be\nused to execute arbitrary JavaScript with chrome privileges.This vulnerability does not affect Firefox\nprior to version 3.5","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2665","reference_id":"","reference_type":"","scores":[{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80508","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665","reference_id":"CVE-2009-2665","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2665"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-46","reference_id":"mfsa2009-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2665"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bthe-736u-bqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2364?format=json","vulnerability_id":"VCID-btpx-49ky-eqbk","summary":"Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1947","reference_id":"","reference_type":"","scores":[{"value":"0.06784","scoring_system":"epss","scoring_elements":"0.91473","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843","reference_id":"827843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947","reference_id":"CVE-2012-1947","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40","reference_id":"mfsa2012-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1947"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-btpx-49ky-eqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2855?format=json","vulnerability_id":"VCID-bvjs-ev8j-2ka1","summary":"Ian Graham of Citrix Online reported that when multiple\nLocation headers were present in a redirect response \nMozilla behavior differed from other browsers: Mozilla would use the second\nLocation header while Chrome and Internet Explorer would use\nthe first. Two copies of this header with different values could be a symptom\nof a CRLF injection attack against a vulnerable server. Most commonly it is\nthe Location header itself that is vulnerable to the response\nsplitting and therefore the copy preferred by Mozilla is more likely to be\nthe malicious one. It is possible, however, that the first copy was the\ninjected one depending on the nature of the server vulnerability.\nThe Mozilla browser engine has been changed to treat two copies of this\nheader with different values as an error condition. The same has been done\nwith the headers Content-Length and Content-Disposition","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3000","reference_id":"","reference_type":"","scores":[{"value":"0.01301","scoring_system":"epss","scoring_elements":"0.80076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3000"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741905","reference_id":"741905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000","reference_id":"CVE-2011-3000","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-39","reference_id":"mfsa2011-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3000"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvjs-ev8j-2ka1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=json","vulnerability_id":"VCID-bwba-bq5v-y3cf","summary":"Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser.  This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3373","reference_id":"","reference_type":"","scores":[{"value":"0.11615","scoring_system":"epss","scoring_elements":"0.93786","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3373"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530156","reference_id":"530156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373","reference_id":"CVE-2009-3373","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt","reference_id":"CVE-2009-3373;OSVDB-59393","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33313.txt"},{"reference_url":"https://www.securityfocus.com/bid/36855/info","reference_id":"CVE-2009-3373;OSVDB-59393","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36855/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56","reference_id":"mfsa2009-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3373"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwba-bq5v-y3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2202?format=json","vulnerability_id":"VCID-bxjx-hxgs-r7fh","summary":"Security researcher O. Andersen reported that\nundefined positions within various 8 bit character encodings are\nmapped to the sequence U+FFFD which when displayed causes the\nimmediately following character to disappear from the text run.  This\ncould potentially contribute to XSS problems on sites which expected\nextra characters to be present within strings being sanitized on the\nserver.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1210","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58524","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615474","reference_id":"615474","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210","reference_id":"CVE-2010-1210","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44","reference_id":"mfsa2010-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1210"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxjx-hxgs-r7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2612?format=json","vulnerability_id":"VCID-by67-ztwk-8kh3","summary":"Mozilla security researcher moz_bug_r_a4 reported that\na form input control's type could be changed during the restoration of a\nclosed tab. An attacker could set an input control's text value to the\npath of a local file whose location was known to the attacker. If the tab\nwas then closed and the victim persuaded to re-open it, upon restoring the\ntab the attacker could use this vulnerability to change the input type to\nfile. Scripts in the page could then automatically submit\nthe form and steal the contents of the user's local file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0355","reference_id":"","reference_type":"","scores":[{"value":"0.02431","scoring_system":"epss","scoring_elements":"0.85428","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0355"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483143","reference_id":"483143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355","reference_id":"CVE-2009-0355","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-03","reference_id":"mfsa2009-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"},{"reference_url":"https://usn.ubuntu.com/717-2/","reference_id":"USN-717-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0355"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by67-ztwk-8kh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2458?format=json","vulnerability_id":"VCID-by8v-e1uc-kubb","summary":"Security researcher Liu Die Yu of\nTopsecTianRongXin reported that locally saved .url shortcut files\ncould be used to read information stored in the local cache.  An\nattacker could use this vulnerability to steal information from a\nvictim's browser cache if they were able to get the victim to download\ntwo separate files, a .url shortcut and a HTML file.  Given the\nrelative complexity of this attack, the severity of the issue was\ndetermined to be moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4582.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4582","reference_id":"","reference_type":"","scores":[{"value":"0.3558","scoring_system":"epss","scoring_elements":"0.97156","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470903","reference_id":"470903","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582","reference_id":"CVE-2008-4582","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html","reference_id":"CVE-2008-4582;OSVDB-49073","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32466.html"},{"reference_url":"https://www.securityfocus.com/bid/31611/info","reference_id":"CVE-2008-4582;OSVDB-49073","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/31611/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-47","reference_id":"mfsa2008-47","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-47"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4582"],"risk_score":0.6,"exploitability":"2.0","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by8v-e1uc-kubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2280?format=json","vulnerability_id":"VCID-c145-1rm9-m3ez","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4185","reference_id":"","reference_type":"","scores":[{"value":"0.05225","scoring_system":"epss","scoring_elements":"0.9012","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185","reference_id":"CVE-2012-4185","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4185"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c145-1rm9-m3ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2821?format=json","vulnerability_id":"VCID-c1u5-hb1s-8feq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2985","reference_id":"","reference_type":"","scores":[{"value":"0.06676","scoring_system":"epss","scoring_elements":"0.91394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985","reference_id":"CVE-2011-2985","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2985"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2985"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1u5-hb1s-8feq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2190?format=json","vulnerability_id":"VCID-c2jb-u1sf-xkgr","summary":"Security researcher Richard Moore reported that\nwhen an SSL certificate was created with a common name containing a\nwildcard followed by a partial IP address a valid SSL connection could be\nestablished with a server whose IP address matched the wildcard range\nby browsing directly to the IP address. It is extremely unlikely that\nsuch a certificate would be issued by a Certificate Authority.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3170","reference_id":"","reference_type":"","scores":[{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.78913","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630047","reference_id":"630047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170","reference_id":"CVE-2010-3170","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70","reference_id":"mfsa2010-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0862","reference_id":"RHSA-2010:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0862"},{"reference_url":"https://usn.ubuntu.com/1007-1/","reference_id":"USN-1007-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1007-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3170"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2jb-u1sf-xkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2344?format=json","vulnerability_id":"VCID-c2vq-w67k-rkhc","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3963","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963","reference_id":"CVE-2012-3963","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3963"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2vq-w67k-rkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2238?format=json","vulnerability_id":"VCID-c3hz-p1eg-cyev","summary":"Security researcher Mark Poticha reported an issue where\nincorrect SSL certificate information can be displayed on the addressbar,\nshowing the SSL data for a previous site while another has been loaded. This is\ncaused by two onLocationChange events being fired out of the expected order,\nleading to the displayed certificate data to not be updated. This can be used\nfor phishing attacks by allowing the user to input form or other data on a\nnewer, attacking, site while the credentials of an older site appear on the\naddressbar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3976","reference_id":"","reference_type":"","scores":[{"value":"0.00776","scoring_system":"epss","scoring_elements":"0.73982","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3976"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851931","reference_id":"851931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976","reference_id":"CVE-2012-3976","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-69","reference_id":"mfsa2012-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3976"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hz-p1eg-cyev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/156367?format=json","vulnerability_id":"VCID-c7ny-wuua-1bev","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4508","reference_id":"","reference_type":"","scores":[{"value":"0.00484","scoring_system":"epss","scoring_elements":"0.65606","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4508"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-4508"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7ny-wuua-1bev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2284?format=json","vulnerability_id":"VCID-ca7w-txcu-rkhy","summary":"Mateusz Jurczyk of the Google Security Team discovered an\noff-by-one error in the OpenType Sanitizer using the Address Sanitizer tool.\nThis can lead to an out-of-bounds read and execution of an uninitialized\nfunction pointer during parsing and possible remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3062","reference_id":"","reference_type":"","scores":[{"value":"0.02392","scoring_system":"epss","scoring_elements":"0.85315","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815042","reference_id":"815042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062","reference_id":"CVE-2011-3062","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062"},{"reference_url":"https://security.gentoo.org/glsa/201203-24","reference_id":"GLSA-201203-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-24"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31","reference_id":"mfsa2012-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3062"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca7w-txcu-rkhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=json","vulnerability_id":"VCID-cbf6-phh6-3kd3","summary":"Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0171","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67201","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576696","reference_id":"576696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171","reference_id":"CVE-2010-0171","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-12","reference_id":"mfsa2010-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0171"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbf6-phh6-3kd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=json","vulnerability_id":"VCID-ccxj-6r97-9uac","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object.  When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member.  This could result in\nthe deletion of objects for which valid pointers still exist.  An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0177","reference_id":"","reference_type":"","scores":[{"value":"0.06689","scoring_system":"epss","scoring_elements":"0.91404","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578152","reference_id":"578152","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177","reference_id":"CVE-2010-0177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19","reference_id":"mfsa2010-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0177"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccxj-6r97-9uac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=json","vulnerability_id":"VCID-cdn3-4erv-3kbs","summary":"Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files.  In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3372","reference_id":"","reference_type":"","scores":[{"value":"0.02124","scoring_system":"epss","scoring_elements":"0.84469","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530155","reference_id":"530155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372","reference_id":"CVE-2009-3372","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55","reference_id":"mfsa2009-55","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3372"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn3-4erv-3kbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2625?format=json","vulnerability_id":"VCID-cdy6-72f7-s7g5","summary":"Developer and Mozilla community member Wladimir Palant\nreported that cookies marked HTTPOnly were readable by JavaScript via\nthe XMLHttpRequest.getResponseHeader and \nXMLHttpRequest.getAllResponseHeaders APIs.  This vulnerability\nbypasses the security mechanism provided by the HTTPOnly flag which\nintends to restrict JavaScript access to document.cookie.The fix prevents the XMLHttpRequest feature from accessing the\nSet-Cookie and Set-Cookie2 headers of any response\nwhether or not the HTTPOnly flag was set for those cookies.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0357","reference_id":"","reference_type":"","scores":[{"value":"0.0108","scoring_system":"epss","scoring_elements":"0.78189","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483145","reference_id":"483145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357","reference_id":"CVE-2009-0357","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-05","reference_id":"mfsa2009-05","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0257","reference_id":"RHSA-2009:0257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0257"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"},{"reference_url":"https://usn.ubuntu.com/717-2/","reference_id":"USN-717-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-2/"},{"reference_url":"https://usn.ubuntu.com/717-3/","reference_id":"USN-717-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0357"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdy6-72f7-s7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2486?format=json","vulnerability_id":"VCID-cfbf-4wvs-dugs","summary":"Justin Schuh of the IBM X-Force reported a flaw in\nthe way Mozilla parses the http-index-format MIME type.  By sending a\nspecially crafted 200 header line in the HTTP index response, an\nattacker can cause the browser to crash and run arbitrary code on the\nvictim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0017","reference_id":"","reference_type":"","scores":[{"value":"0.14498","scoring_system":"epss","scoring_elements":"0.94575","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470892","reference_id":"470892","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017","reference_id":"CVE-2008-0017","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-54","reference_id":"mfsa2008-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-0017"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfbf-4wvs-dugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2400?format=json","vulnerability_id":"VCID-cjgv-em1a-p7ge","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0462","reference_id":"","reference_type":"","scores":[{"value":"0.01465","scoring_system":"epss","scoring_elements":"0.81224","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109","reference_id":"803109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462","reference_id":"CVE-2012-0462","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0462"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0462"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjgv-em1a-p7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2854?format=json","vulnerability_id":"VCID-cm6d-fmdp-dkcc","summary":"Claus Wahlers reported that random images from GPU memory\nwere showing up in WebGL textures. Once incorporated into the WebGL graphics it\nis possible for a site to programmatically read the image data and potentially\ngain sensitive data from other things that had been displayed earlier. This\nproblem is due to a bug in the driver for Intel integrated GPUs on recent\nMac OS X hardware, and the problem can be seen in WebGL implementations from\nother vendors. Mozilla has implemented a work-around to prevent this from\nhappening with this hardware-driver combination.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3653","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46406","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653","reference_id":"CVE-2011-3653","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-51","reference_id":"mfsa2011-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3653"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm6d-fmdp-dkcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2479?format=json","vulnerability_id":"VCID-cpff-qnzg-wuhu","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in nsXMLDocument::OnChannelRedirect()\ncould be bypassed.  This vulnerability could be used to execute JavaScript\nin the context of a different website.Firefox 3 is not affected by this issueThunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3835","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30726","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463182","reference_id":"463182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835","reference_id":"CVE-2008-3835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-38","reference_id":"mfsa2008-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-3835"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpff-qnzg-wuhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2849?format=json","vulnerability_id":"VCID-cqbd-xw64-jqak","summary":"Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection.  Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0057.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0057","reference_id":"","reference_type":"","scores":[{"value":"0.03949","scoring_system":"epss","scoring_elements":"0.88556","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675093","reference_id":"675093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057","reference_id":"CVE-2011-0057","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-06","reference_id":"mfsa2011-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0057"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqbd-xw64-jqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=json","vulnerability_id":"VCID-cy77-z9ha-vfeg","summary":"David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0076","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60429","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076","reference_id":"CVE-2011-0076","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-15","reference_id":"mfsa2011-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0076"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cy77-z9ha-vfeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2309?format=json","vulnerability_id":"VCID-cyde-wgmd-f3d9","summary":"Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4204","reference_id":"","reference_type":"","scores":[{"value":"0.02253","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4204"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877624","reference_id":"877624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204","reference_id":"CVE-2012-4204","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96","reference_id":"mfsa2012-96","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-96"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4204"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyde-wgmd-f3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2294?format=json","vulnerability_id":"VCID-d18w-azwz-nuhn","summary":"Vitaly Nevgen reported that an attacker could replace a\nsub-frame in another domain's document by using the name attribute of the\nsub-frame as a form submission target. This can potentially allow for phishing\nattacks against users and violates the HTML5 frame navigation policy.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0445","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67805","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445","reference_id":"CVE-2012-0445","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-03","reference_id":"mfsa2012-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-03"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0445"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d18w-azwz-nuhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2683?format=json","vulnerability_id":"VCID-d1d9-6j5m-jqbj","summary":"Jakob Balle and Carsten Eiram of\nSecunia Research reported a race condition\nin NPObjWrapper_NewResolve when accessing the properties\nof a NPObject, a wrapped JSObject.  Balle\nand Eiram demonstrated that this condition could be reached by\nnavigating away from a web page during the loading of a Java applet.\nUnder such conditions the Java object would be destroyed but later\ncalled into resulting in a free memory read. It might be possible\nfor an attacker to write to the freed memory before it is reused and run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2 nor other\nproducts built using the \"Gecko 1.8\" version of Mozilla code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1837","reference_id":"","reference_type":"","scores":[{"value":"0.02184","scoring_system":"epss","scoring_elements":"0.84674","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503579","reference_id":"503579","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837","reference_id":"CVE-2009-1837","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-28","reference_id":"mfsa2009-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1837"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1d9-6j5m-jqbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2442?format=json","vulnerability_id":"VCID-d5j6-1sja-ruaj","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4063","reference_id":"","reference_type":"","scores":[{"value":"0.02887","scoring_system":"epss","scoring_elements":"0.86576","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4063"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463203","reference_id":"463203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063","reference_id":"CVE-2008-4063","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4063"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4063"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5j6-1sja-ruaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2136?format=json","vulnerability_id":"VCID-d95t-gxrb-ruac","summary":"Security researcher Paul Stone reported that when\nan HTML selection containing JavaScript is copy-and-pasted or dropped\nonto a document with designMode enabled the JavaScript will be\nexecuted within the context of the site where the code was dropped.  A\nmalicious site could leverage this issue in an XSS attack by\npersuading a user into taking such an action and in the process\nrunning malicious JavaScript within the context of another site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2769","reference_id":"","reference_type":"","scores":[{"value":"0.01267","scoring_system":"epss","scoring_elements":"0.79804","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630075","reference_id":"630075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769","reference_id":"CVE-2010-2769","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-62","reference_id":"mfsa2010-62","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2769"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d95t-gxrb-ruac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2666?format=json","vulnerability_id":"VCID-d9sj-vmr1-67fj","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3381","reference_id":"","reference_type":"","scores":[{"value":"0.0585","scoring_system":"epss","scoring_elements":"0.90717","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381","reference_id":"CVE-2009-3381","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3381"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3381"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9sj-vmr1-67fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95440?format=json","vulnerability_id":"VCID-dakd-jq6d-f7av","summary":"Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3640","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56948","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614","reference_id":"647614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647614"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=748379","reference_id":"748379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=748379"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3640"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dakd-jq6d-f7av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2672?format=json","vulnerability_id":"VCID-dbrb-ahba-t7bz","summary":"Security researcher Nils reported via\nTippingPoint's Zero Day Initiative that the XUL tree\nmethod _moveToEdgeShift was in some cases triggering\ngarbage collection routines on objects which were still in use.  In\nsuch cases, the browser would crash when attempting to access a\npreviously destroyed object and this crash could be used by an\nattacker to run arbitrary code on a victim's computer.This vulnerability was used by the reporter to win the\n2009 CanSecWest Pwn2Own contest.This vulnerability does not affect Firefox 2,\nThunderbird 2, or released versions of SeaMonkey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1044","reference_id":"","reference_type":"","scores":[{"value":"0.07842","scoring_system":"epss","scoring_elements":"0.92137","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1044"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=492212","reference_id":"492212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=492212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044","reference_id":"CVE-2009-1044","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-13","reference_id":"mfsa2009-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0397","reference_id":"RHSA-2009:0397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0398","reference_id":"RHSA-2009:0398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0398"},{"reference_url":"https://usn.ubuntu.com/745-1/","reference_id":"USN-745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1044"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbrb-ahba-t7bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2606?format=json","vulnerability_id":"VCID-dcga-xsfg-xqda","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the BrowserFeedWriter could be leveraged to run\nJavaScript code from web content with elevated privileges.  Using this\nvulnerability, an attacker could construct an object containing\nmalicious JavaScript and cause the FeedWriter to process the object,\nrunning the malicious code with chrome privileges.Thunderbird does not support\nthe BrowserFeedWriter object and is not vulnerable in its\ndefault configuration. Thunderbird might be vulnerable if the user has\ninstalled any add-on which adds a similarly implemented feature and\nthen enables JavaScript in mail messages.  This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3079","reference_id":"","reference_type":"","scores":[{"value":"0.0151","scoring_system":"epss","scoring_elements":"0.81522","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3079"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521695","reference_id":"521695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079","reference_id":"CVE-2009-3079","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3079"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-51","reference_id":"mfsa2009-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3079"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dcga-xsfg-xqda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2351?format=json","vulnerability_id":"VCID-dm2x-x684-rqas","summary":"Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0457.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0457","reference_id":"","reference_type":"","scores":[{"value":"0.07333","scoring_system":"epss","scoring_elements":"0.91836","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0457"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116","reference_id":"803116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457","reference_id":"CVE-2012-0457","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0457"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14","reference_id":"mfsa2012-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0457"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm2x-x684-rqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2879?format=json","vulnerability_id":"VCID-dmwt-m574-53ar","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements.  If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.  This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2363.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2363","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87691","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2363"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581","reference_id":"714581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363","reference_id":"CVE-2011-2363","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23","reference_id":"mfsa2011-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2363"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmwt-m574-53ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2679?format=json","vulnerability_id":"VCID-dtyq-b84g-fkaw","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1305","reference_id":"","reference_type":"","scores":[{"value":"0.04708","scoring_system":"epss","scoring_elements":"0.89556","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496256","reference_id":"496256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305","reference_id":"CVE-2009-1305","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1305"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtyq-b84g-fkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2318?format=json","vulnerability_id":"VCID-dum5-zxjw-8yav","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4212","reference_id":"","reference_type":"","scores":[{"value":"0.0153","scoring_system":"epss","scoring_elements":"0.81639","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877942","reference_id":"877942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212","reference_id":"CVE-2012-4212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4212"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dum5-zxjw-8yav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2306?format=json","vulnerability_id":"VCID-dvas-f3cr-1ud4","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5835","reference_id":"","reference_type":"","scores":[{"value":"0.00894","scoring_system":"epss","scoring_elements":"0.75961","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635","reference_id":"877635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835","reference_id":"CVE-2012-5835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5835"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvas-f3cr-1ud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2613?format=json","vulnerability_id":"VCID-e15r-7w4r-syfy","summary":"Mozilla discovered several bugs in liboggplay which posed potential\nmemory safety issues.  The bugs which were fixed could potentially be\nused by an attacker to crash a victim's browser and execute arbitrary\ncode on their computer.Audio and Video capabilities were added to the Mozilla browser\nengine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of\nthese products were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3388","reference_id":"","reference_type":"","scores":[{"value":"0.02632","scoring_system":"epss","scoring_elements":"0.85977","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3388"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=548539","reference_id":"548539","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=548539"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743","reference_id":"575743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388","reference_id":"CVE-2009-3388","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-66","reference_id":"mfsa2009-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-66"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3388"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e15r-7w4r-syfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2885?format=json","vulnerability_id":"VCID-e1bs-u53p-5bgg","summary":"sczimmer reported a crash when scaling an OGG\n<video> element to extreme sizes.\nFirefox 3.6 is not affected by this vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3665","reference_id":"","reference_type":"","scores":[{"value":"0.03707","scoring_system":"epss","scoring_elements":"0.88169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3665"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665","reference_id":"CVE-2011-3665","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58","reference_id":"mfsa2011-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-58"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3665"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1bs-u53p-5bgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2314?format=json","vulnerability_id":"VCID-e5be-z4bt-uydm","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4215","reference_id":"","reference_type":"","scores":[{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.85145","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4215"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215","reference_id":"CVE-2012-4215","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4215"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5be-z4bt-uydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2686?format=json","vulnerability_id":"VCID-eb9z-2ahu-bff8","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat it is possible to create a document whose URI does not match the\ndocument's principal using XMLHttpRequest.  This type of\nmismatch leads to incorrect results in principal-based security\nchecks.  An attacker could use this vulnerability to execute arbitrary\nJavaScript within the context of another site.moz_bug_r_a4 separately reported\nthat XPCNativeWrapper.toString's\n__proto__ comes from the wrong scope which results in\ncalls to that function being executed in the wrong context in certain\ncircumstances.  An attacker could use this vulnerability to run\narbitrary code within the context of a different site.  Alternatively,\nif chrome were to call content.toString.call(), then\nattacker-defined functions could be run with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1309.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1309","reference_id":"","reference_type":"","scores":[{"value":"0.01757","scoring_system":"epss","scoring_elements":"0.82937","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1309"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496267","reference_id":"496267","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309","reference_id":"CVE-2009-1309","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-19","reference_id":"mfsa2009-19","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1309"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb9z-2ahu-bff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2304?format=json","vulnerability_id":"VCID-ed83-3zy8-yffx","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5830","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75414","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5830"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635","reference_id":"877635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830","reference_id":"CVE-2012-5830","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5830"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ed83-3zy8-yffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2829?format=json","vulnerability_id":"VCID-egs8-xcpx-eyhm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2986","reference_id":"","reference_type":"","scores":[{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59715","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986","reference_id":"CVE-2011-2986","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2986"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2986"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egs8-xcpx-eyhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2307?format=json","vulnerability_id":"VCID-ekzu-rjes-4uam","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5838","reference_id":"","reference_type":"","scores":[{"value":"0.01023","scoring_system":"epss","scoring_elements":"0.77602","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877945","reference_id":"877945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838","reference_id":"CVE-2012-5838","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5838"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekzu-rjes-4uam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=json","vulnerability_id":"VCID-eprr-1559-u3dn","summary":"Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar.  This whitespace\ncould be used to force part of the URL out of view in the location\nbar.  An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1834","reference_id":"","reference_type":"","scores":[{"value":"0.11374","scoring_system":"epss","scoring_elements":"0.9369","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1834"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503573","reference_id":"503573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834","reference_id":"CVE-2009-1834","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt","reference_id":"CVE-2009-1834;OSVDB-55162","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33039.txt"},{"reference_url":"https://www.securityfocus.com/bid/35388/info","reference_id":"CVE-2009-1834;OSVDB-55162","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35388/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-25","reference_id":"mfsa2009-25","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1834"],"risk_score":5.4,"exploitability":"2.0","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eprr-1559-u3dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2229?format=json","vulnerability_id":"VCID-euga-mg6n-rkac","summary":"A memory corruption flaw leading to code execution was reported by\nsecurity researcher Nils of MWR InfoSecurity during the\n2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative.\nBy moving DOM nodes between documents Nils found a case where the moved\nnode incorrectly retained its old scope. If garbage collection could\nbe triggered at the right time then Firefox would later use this freed\nobject.The contest winning exploit only affects Firefox 3.6\nand not earlier versions.Updated (June 22, 2010):  Firefox 3.5, SeaMonkey 2.0, and\nThunderbird 3.0 based on earlier versions of the browser\nengine were patched just in case there\nis an alternate way of triggering the underlying flaw.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1121","reference_id":"","reference_type":"","scores":[{"value":"0.0465","scoring_system":"epss","scoring_elements":"0.89483","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=577029","reference_id":"577029","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=577029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121","reference_id":"CVE-2010-1121","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-25","reference_id":"mfsa2010-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1121"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euga-mg6n-rkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2256?format=json","vulnerability_id":"VCID-ewd1-u7ku-8bau","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4183","reference_id":"","reference_type":"","scores":[{"value":"0.02721","scoring_system":"epss","scoring_elements":"0.86212","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183","reference_id":"CVE-2012-4183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4183"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewd1-u7ku-8bau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2440?format=json","vulnerability_id":"VCID-ezcw-8rm3-yfe4","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4061","reference_id":"","reference_type":"","scores":[{"value":"0.03898","scoring_system":"epss","scoring_elements":"0.88485","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463199","reference_id":"463199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061","reference_id":"CVE-2008-4061","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4061"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4061"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezcw-8rm3-yfe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2137?format=json","vulnerability_id":"VCID-f1na-6x4z-e3aa","summary":"Security researchers David Huang\nand Collin Jackson of Carnegie Mellon University\nCyLab (Silicon Valley campus) reported that the type\nattribute of an <object> tag can override the charset of a\nframed HTML document, even when the document is included across\norigins.  A page could be constructed containing such an\n<object> tag which sets the charset of the framed document to\nUTF-7.  This could potentially allow an attacker to inject UTF-7\nencoded JavaScript into a site, bypassing the site's XSS filters, and\nthen executing the code using the above technique.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2768","reference_id":"","reference_type":"","scores":[{"value":"0.0077","scoring_system":"epss","scoring_elements":"0.73884","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630074","reference_id":"630074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768","reference_id":"CVE-2010-2768","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-61","reference_id":"mfsa2010-61","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2768"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1na-6x4z-e3aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2618?format=json","vulnerability_id":"VCID-f3dr-bet4-qfhn","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3071","reference_id":"","reference_type":"","scores":[{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.8716","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521687","reference_id":"521687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071","reference_id":"CVE-2009-3071","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3071"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3071"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3dr-bet4-qfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2387?format=json","vulnerability_id":"VCID-f5ve-9rj6-2qhd","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a use-after-free in the IME State Manager code. This could lead to a\npotentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3990","reference_id":"","reference_type":"","scores":[{"value":"0.06071","scoring_system":"epss","scoring_elements":"0.90906","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3990"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863628","reference_id":"863628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990","reference_id":"CVE-2012-3990","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-87","reference_id":"mfsa2012-87","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3990"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5ve-9rj6-2qhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2598?format=json","vulnerability_id":"VCID-f6ej-8y41-f3a9","summary":"Security researcher Jeremy Brown reported that the\nfile naming scheme used for downloading a file which already exists in\nthe downloads folder is predictable.  If an attacker had local access\nto a victim's computer and knew the name of a file the victim intended\nto open through the Download Manager, he could use this vulnerability\nto place a malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it.  Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3274","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33735","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=524815","reference_id":"524815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=524815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274","reference_id":"CVE-2009-3274","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53","reference_id":"mfsa2009-53","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3274"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6ej-8y41-f3a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2644?format=json","vulnerability_id":"VCID-feey-1wqm-ekhz","summary":"Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way.  This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page.  An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3984","reference_id":"","reference_type":"","scores":[{"value":"0.0205","scoring_system":"epss","scoring_elements":"0.84189","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3984"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546722","reference_id":"546722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984","reference_id":"CVE-2009-3984","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69","reference_id":"mfsa2009-69","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1673","reference_id":"RHSA-2009:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3984"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-feey-1wqm-ekhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2662?format=json","vulnerability_id":"VCID-fg62-2jrb-93bf","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0774","reference_id":"","reference_type":"","scores":[{"value":"0.0746","scoring_system":"epss","scoring_elements":"0.91905","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488283","reference_id":"488283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774","reference_id":"CVE-2009-0774","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"},{"reference_url":"https://usn.ubuntu.com/728-2/","reference_id":"USN-728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-2/"},{"reference_url":"https://usn.ubuntu.com/728-3/","reference_id":"USN-728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-3/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0774"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fg62-2jrb-93bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2204?format=json","vulnerability_id":"VCID-fhxf-xr7y-23cn","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that the implementation of XUL\n<tree>'s content view contains a dangling pointer vulnerability.\nOne of the content view's methods for accessing the internal structure\nof the tree could be manipulated into removing a node prior to\naccessing it, resulting in the accessing of deleted memory.  If an\nattacker can control the contents of the deleted memory prior to its\naccess they could use this vulnerability to run arbitrary code on a\nvictim's machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3167","reference_id":"","reference_type":"","scores":[{"value":"0.05398","scoring_system":"epss","scoring_elements":"0.90291","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3167"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630067","reference_id":"630067","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630067"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167","reference_id":"CVE-2010-3167","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56","reference_id":"mfsa2010-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3167"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhxf-xr7y-23cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2817?format=json","vulnerability_id":"VCID-fkhf-5gf8-r7f2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2991","reference_id":"","reference_type":"","scores":[{"value":"0.07005","scoring_system":"epss","scoring_elements":"0.9162","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991","reference_id":"CVE-2011-2991","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2991"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2991"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkhf-5gf8-r7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/251265?format=json","vulnerability_id":"VCID-fpka-t8jw-r3bk","summary":"Multiple vulnerabilities have been found in Mozilla Firefox,\n    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may\n    allow execution of arbitrary code or local privilege escalation.","references":[{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0068"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpka-t8jw-r3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2248?format=json","vulnerability_id":"VCID-fr32-1m9n-c7ed","summary":"Security researcher vsemozhetbyt reported that when the\nDOMParser is used to parse text/html data in a Firefox extension, linked\nresources within this HTML data will be loaded. If the data being parsed in the\nextension is untrusted, it could lead to information leakage and can\npotentially be combined with other attacks to become exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3975","reference_id":"","reference_type":"","scores":[{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76379","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851929","reference_id":"851929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975","reference_id":"CVE-2012-3975","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-68","reference_id":"mfsa2012-68","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-68"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3975"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fr32-1m9n-c7ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2165?format=json","vulnerability_id":"VCID-fy48-6aec-s7g2","summary":"Security researcher Alin Rad Pop of Secunia\nResearch reported that the HTML parser incorrectly freed used memory\nwhen insufficient space was available to process remaining input.\nUnder such circumstances, memory occupied by in-use objects was freed\nand could later be filled with attacker-controlled text.  These\nconditions could result in the execution or arbitrary code if methods\non the freed objects were subsequently called.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1571","reference_id":"","reference_type":"","scores":[{"value":"0.07108","scoring_system":"epss","scoring_elements":"0.91683","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1571"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566050","reference_id":"566050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566050"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571","reference_id":"CVE-2009-1571","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-03","reference_id":"mfsa2010-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1571"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fy48-6aec-s7g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2389?format=json","vulnerability_id":"VCID-fz87-6128-d3f9","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3982.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3982","reference_id":"","reference_type":"","scores":[{"value":"0.01275","scoring_system":"epss","scoring_elements":"0.79887","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863614","reference_id":"863614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982","reference_id":"CVE-2012-3982","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-74","reference_id":"mfsa2012-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3982"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz87-6128-d3f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=json","vulnerability_id":"VCID-g2f7-uxpe-5baw","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3969","reference_id":"","reference_type":"","scores":[{"value":"0.05074","scoring_system":"epss","scoring_elements":"0.89963","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3969"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922","reference_id":"851922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969","reference_id":"CVE-2012-3969","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63","reference_id":"mfsa2012-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3969"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2f7-uxpe-5baw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2187?format=json","vulnerability_id":"VCID-g3ws-tzqe-mkgg","summary":"Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random().  Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user.  This additional variant is\nidentified as CVE-2010-3171.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3171","reference_id":"","reference_type":"","scores":[{"value":"0.08698","scoring_system":"epss","scoring_elements":"0.92629","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171","reference_id":"CVE-2010-3171","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c","reference_id":"CVE-2010-3171;OSVDB-53341","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/34621.c"},{"reference_url":"https://www.securityfocus.com/bid/43222/info","reference_id":"CVE-2010-3171;OSVDB-53341","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/43222/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33","reference_id":"mfsa2010-33","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3171"],"risk_score":5.4,"exploitability":"2.0","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3ws-tzqe-mkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2234?format=json","vulnerability_id":"VCID-g4c9-yy3u-aqaw","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0443","reference_id":"","reference_type":"","scores":[{"value":"0.0276","scoring_system":"epss","scoring_elements":"0.86289","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443","reference_id":"CVE-2012-0443","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01","reference_id":"mfsa2012-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0443"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4c9-yy3u-aqaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2181?format=json","vulnerability_id":"VCID-g4sm-cpy2-pkga","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0166","reference_id":"","reference_type":"","scores":[{"value":"0.26203","scoring_system":"epss","scoring_elements":"0.96396","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166","reference_id":"CVE-2010-0166","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0166"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html","reference_id":"CVE-2010-0166;OSVDB-63266","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33800.html"},{"reference_url":"https://www.securityfocus.com/bid/38943/info","reference_id":"CVE-2010-0166;OSVDB-63266","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/38943/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11","reference_id":"mfsa2010-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0166"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4sm-cpy2-pkga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2288?format=json","vulnerability_id":"VCID-g5eb-pmmj-p7dr","summary":"Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4195.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4195","reference_id":"","reference_type":"","scores":[{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76844","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893","reference_id":"869893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195","reference_id":"CVE-2012-4195","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90","reference_id":"mfsa2012-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1407","reference_id":"RHSA-2012:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1413","reference_id":"RHSA-2012:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1413"},{"reference_url":"https://usn.ubuntu.com/1620-1/","reference_id":"USN-1620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-1/"},{"reference_url":"https://usn.ubuntu.com/1620-2/","reference_id":"USN-1620-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4195"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5eb-pmmj-p7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2399?format=json","vulnerability_id":"VCID-g6h1-d75p-jfag","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0461","reference_id":"","reference_type":"","scores":[{"value":"0.01161","scoring_system":"epss","scoring_elements":"0.78937","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109","reference_id":"803109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461","reference_id":"CVE-2012-0461","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0461"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0461"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6h1-d75p-jfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2257?format=json","vulnerability_id":"VCID-g6u7-5kzb-yqha","summary":"Security researcher Masato Kinugawa found that during the\ndecoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024\nbytes are treated incorrectly, either doubling or deleting bytes. On certain\npages it might be possible for an attacker to pad the output of the page such\nthat these errors fall in the right place to affect the structure of the page,\nallowing for cross-site script (XSS) injection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0477","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72885","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815026","reference_id":"815026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477","reference_id":"CVE-2012-0477","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29","reference_id":"mfsa2012-29","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0477"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6u7-5kzb-yqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2221?format=json","vulnerability_id":"VCID-g7aa-s8j6-b3ef","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that XUL <tree> objects could\nbe manipulated such that the setting of certain properties on the\nobject would trigger the removal of the tree from the DOM and cause\ncertain sections of deleted memory to be accessed.  In products based on\nGecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer\nthis memory has been overwritten by a value that will cause an\nunexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5,\nThunderbird 3.0, and SeaMonkey 2.0) and older an attacker could\npotentially use this vulnerability to crash a victim's browser and run\narbitrary code on their computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3168","reference_id":"","reference_type":"","scores":[{"value":"0.05398","scoring_system":"epss","scoring_elements":"0.90291","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3168"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630064","reference_id":"630064","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168","reference_id":"CVE-2010-3168","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-55","reference_id":"mfsa2010-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3168"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7aa-s8j6-b3ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2144?format=json","vulnerability_id":"VCID-g9gb-vpak-jkdj","summary":"Google security researcher Robert Swiecki reported\nthat functions used by the Gopher parser to convert text to HTML tags\ncould be exploited to turn text into executable JavaScript.  If an\nattacker could create a file or directory on a Gopher server with the\nencoded script as part of its name the script would then run in a\nvictim's browser within the context of the site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3177","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72885","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642290","reference_id":"642290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177","reference_id":"CVE-2010-3177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68","reference_id":"mfsa2010-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3177"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9gb-vpak-jkdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2890?format=json","vulnerability_id":"VCID-g9ht-dkv6-gyac","summary":"Mozilla security researcher David Chan reported\nthat cookies set for example.com. (note the trailing dot)\nand example.com were treated as interchangeable.  This is\na violation of same-origin conventions and could potentially lead to\nleakage of cookie data to the wrong party.This issue did not affect Firefox 4, SeaMonkey 2.1, or newer\nMozilla-based products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2362","reference_id":"","reference_type":"","scores":[{"value":"0.01226","scoring_system":"epss","scoring_elements":"0.79467","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714583","reference_id":"714583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362","reference_id":"CVE-2011-2362","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2362"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-24","reference_id":"mfsa2011-24","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2362"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9ht-dkv6-gyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2492?format=json","vulnerability_id":"VCID-ga96-mhg4-z7h9","summary":"Security researcher Luke Bryan reported that file:\nURIs are given chrome privileges when opened in the same tab as a\nchrome page or privileged about: page.  This vulnerability could be\nused by an attacker to run arbitrary JavaScript with chrome\nprivileges.  The severity of this issue was determined to be moderate\nas it requires an attacker to have malicious code saved locally, then\nhave a user open a chrome: document or privileged about: URI, and then\nopen the malicious file in the same privileged tab.Firefox 2 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5015","reference_id":"","reference_type":"","scores":[{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90584","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5015"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470876","reference_id":"470876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015","reference_id":"CVE-2008-5015","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-51","reference_id":"mfsa2008-51","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5015"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ga96-mhg4-z7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2291?format=json","vulnerability_id":"VCID-gadh-19ks-vuem","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent\nis released and oldFocusedContent is used afterwards. This use-after-free could\npossibly allow for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1958","reference_id":"","reference_type":"","scores":[{"value":"0.03872","scoring_system":"epss","scoring_elements":"0.88444","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1958"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840211","reference_id":"840211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958","reference_id":"CVE-2012-1958","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48","reference_id":"mfsa2012-48","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1958"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gadh-19ks-vuem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2289?format=json","vulnerability_id":"VCID-garp-92yw-2yeb","summary":"Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4196","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76895","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893","reference_id":"869893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196","reference_id":"CVE-2012-4196","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90","reference_id":"mfsa2012-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1407","reference_id":"RHSA-2012:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1413","reference_id":"RHSA-2012:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1413"},{"reference_url":"https://usn.ubuntu.com/1620-1/","reference_id":"USN-1620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-1/"},{"reference_url":"https://usn.ubuntu.com/1620-2/","reference_id":"USN-1620-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-garp-92yw-2yeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2421?format=json","vulnerability_id":"VCID-ge7h-93tj-zycj","summary":"Mozilla developer Boris Zbarsky reported that XBL\n   bindings could be used to read data from other domains, a violation\n   of the same-origin policy.  The severity of this issue was determined\n   to be moderate due to several mitigating factors:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5503","reference_id":"","reference_type":"","scores":[{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79532","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5503"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476272","reference_id":"476272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503","reference_id":"CVE-2008-5503","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5503"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-61","reference_id":"mfsa2008-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5503"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ge7h-93tj-zycj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2491?format=json","vulnerability_id":"VCID-gf5k-p1zj-kkam","summary":"Marius Schilder of Google Security reported that\nwhen a XMLHttpRequest is made to a same-origin resource\nwhich 302 redirects to a resource in a different domain, the response\nfrom the cross-domain resource is readable by the site issuing the\nXHR.  Cookies marked HttpOnly were not readable, but\nother potentially sensitive data could be revealed in the XHR response\nincluding URL parameters and content in the response body.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5506","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.6724","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5506"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476278","reference_id":"476278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506","reference_id":"CVE-2008-5506","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-64","reference_id":"mfsa2008-64","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5506"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gf5k-p1zj-kkam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2420?format=json","vulnerability_id":"VCID-gg44-fj5q-gudh","summary":"Security researcher Collin Jackson reported that\nthe -moz-binding CSS property can be used to bypass security checks\nwhich validate codebase principals. Similar to the issue reported\nin MFSA 2008-23, Jackson demonstrated\nthat an attacker can replace a stylesheet in a signed JAR which uses\nrelative paths, and can then use the -moz-binding property to inject\nmalicious script into the JAR.  The injected script will be executed\nwith the privileges of the signed JAR.  This vulnerability can thus\nallow an attacker to run arbitrary JavaScript within the context of\nanother site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5023","reference_id":"","reference_type":"","scores":[{"value":"0.1839","scoring_system":"epss","scoring_elements":"0.95353","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470898","reference_id":"470898","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023","reference_id":"CVE-2008-5023","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-57","reference_id":"mfsa2008-57","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5023"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg44-fj5q-gudh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2375?format=json","vulnerability_id":"VCID-ggku-uzpq-wffw","summary":"Security researcher Mario Gomes andresearch firm\nCode Audit Labs reported a mechanism to short-circuit page\nloads through drag and drop to the addressbar by canceling the page load. This\ncauses the address of the previously site entered to be displayed in the\naddressbar instead of the currently loaded page. This could lead to potential\nphishing attacks on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1950","reference_id":"","reference_type":"","scores":[{"value":"0.02775","scoring_system":"epss","scoring_elements":"0.86322","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840203","reference_id":"840203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950","reference_id":"CVE-2012-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43","reference_id":"mfsa2012-43","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1950"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggku-uzpq-wffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2667?format=json","vulnerability_id":"VCID-gj5k-vhfn-y7b9","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3382","reference_id":"","reference_type":"","scores":[{"value":"0.15845","scoring_system":"epss","scoring_elements":"0.94866","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530569","reference_id":"530569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382","reference_id":"CVE-2009-3382","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html","reference_id":"CVE-2009-3382;OSVDB-59384","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33314.html"},{"reference_url":"https://www.securityfocus.com/bid/36866/info","reference_id":"CVE-2009-3382;OSVDB-59384","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/36866/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3382"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj5k-vhfn-y7b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2605?format=json","vulnerability_id":"VCID-gkgb-xbu6-93fx","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the owner document of an element can become null after garbage\ncollection.  In such cases, event listeners may be executed within the\nwrong JavaScript context.  An attacker could potentially use this\nvulnerability to have a malicious event handler execute arbitrary\nJavaScript with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1838","reference_id":"","reference_type":"","scores":[{"value":"0.04629","scoring_system":"epss","scoring_elements":"0.89461","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503580","reference_id":"503580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838","reference_id":"CVE-2009-1838","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29","reference_id":"mfsa2009-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1838"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkgb-xbu6-93fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2227?format=json","vulnerability_id":"VCID-gkry-fmfu-93ax","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a\nmalicious NodeFilter could be created which would detach\nnodes from the DOM tree while it was being traversed.  The use of a\ndetached and subsequently deleted node could result in the execution\nof attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1209","reference_id":"","reference_type":"","scores":[{"value":"0.02213","scoring_system":"epss","scoring_elements":"0.84768","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615459","reference_id":"615459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209","reference_id":"CVE-2010-1209","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36","reference_id":"mfsa2010-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1209"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkry-fmfu-93ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2459?format=json","vulnerability_id":"VCID-gnn7-kxvp-sqbd","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects.  moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object.  These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4058","reference_id":"","reference_type":"","scores":[{"value":"0.0348","scoring_system":"epss","scoring_elements":"0.87785","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463190","reference_id":"463190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463190"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058","reference_id":"CVE-2008-4058","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4058"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41","reference_id":"mfsa2008-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4058"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnn7-kxvp-sqbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116834?format=json","vulnerability_id":"VCID-gp4m-ysf8-7ug5","summary":"security flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5052","reference_id":"","reference_type":"","scores":[{"value":"0.18653","scoring_system":"epss","scoring_elements":"0.95394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5052"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618336","reference_id":"1618336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618336"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5052"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gp4m-ysf8-7ug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140489?format=json","vulnerability_id":"VCID-gram-yge1-rff3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2671","reference_id":"","reference_type":"","scores":[{"value":"0.06763","scoring_system":"epss","scoring_elements":"0.9146","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2671"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html","reference_id":"CVE-2007-2671;OSVDB-35700","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/29940.html"},{"reference_url":"https://www.securityfocus.com/bid/23747/info","reference_id":"CVE-2007-2671;OSVDB-35700","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23747/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2007-2671"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gram-yge1-rff3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/156833?format=json","vulnerability_id":"VCID-gsfm-92c8-nbce","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5074","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39119","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5074"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-5074"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsfm-92c8-nbce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2297?format=json","vulnerability_id":"VCID-gspz-z5za-xffc","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1953.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1953","reference_id":"","reference_type":"","scores":[{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80902","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1953"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953","reference_id":"CVE-2012-1953","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1953"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gspz-z5za-xffc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2195?format=json","vulnerability_id":"VCID-gtnu-ebdw-7uct","summary":"Matt Haggard reported that\nthe statusText property of an XMLHttpRequest\nobject is readable by the requester even when the request is made\nacross origins.  This status information reveals the presence of a web\nserver and could be used to gather information about servers on\ninternal private networks.This issue was also independently reported to Mozilla\nby Nicholas Berthaume","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2764","reference_id":"","reference_type":"","scores":[{"value":"0.00878","scoring_system":"epss","scoring_elements":"0.7569","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630078","reference_id":"630078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764","reference_id":"CVE-2010-2764","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-63","reference_id":"mfsa2010-63","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2764"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtnu-ebdw-7uct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2668?format=json","vulnerability_id":"VCID-gu93-f2uq-gfcm","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3383","reference_id":"","reference_type":"","scores":[{"value":"0.05615","scoring_system":"epss","scoring_elements":"0.9049","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383","reference_id":"CVE-2009-3383","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3383"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3383"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gu93-f2uq-gfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2225?format=json","vulnerability_id":"VCID-gvz7-7pyc-vueq","summary":"Security researcher Martin Barbella reported via\nTippingPoint's Zero Day Initiative that an XSLT node sorting routine\ncontained an integer overflow vulnerability.  In cases where one of\nthe nodes to be sorted contained a very large text value, the integer\nused to allocate a memory buffer to store its value would overflow,\nresulting in too small a buffer being created.  An attacker could use\nthis vulnerability to write data past the end of the buffer, causing\nthe browser to crash and potentially running arbitrary code on a\nvictim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1199","reference_id":"","reference_type":"","scores":[{"value":"0.42703","scoring_system":"epss","scoring_elements":"0.97543","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590833","reference_id":"590833","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199","reference_id":"CVE-2010-1199","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1199"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py","reference_id":"CVE-2010-1199","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/14949.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt","reference_id":"CVE-2010-1199;OSVDB-65744","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34192.txt"},{"reference_url":"https://www.securityfocus.com/bid/41082/info","reference_id":"CVE-2010-1199;OSVDB-65744","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/41082/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-30","reference_id":"mfsa2010-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0499","reference_id":"RHSA-2010:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1199"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvz7-7pyc-vueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2135?format=json","vulnerability_id":"VCID-gzq8-a9pe-zyee","summary":"Google security researcher Michal Zalewski\nreported that focus() could be used to change a user's\ncursor focus while they are typing, potentially directing their\nkeyboard input to an unintended location.  This behavior was also\npresent across origins when content from one domain was embedded\nwithin another via an iframe.  A malicious web page could use this\nbehavior to steal keystrokes from a victim while they were typing\nsensitive information such as a password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1125","reference_id":"","reference_type":"","scores":[{"value":"0.02114","scoring_system":"epss","scoring_elements":"0.84429","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1125"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=577584","reference_id":"577584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=577584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125","reference_id":"CVE-2010-1125","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1125"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-31","reference_id":"mfsa2010-31","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1125"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzq8-a9pe-zyee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116595?format=json","vulnerability_id":"VCID-h2gc-q763-vfc5","summary":": Firefox DoS (crash) via crafted web site that triggers memory consumption","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0220","reference_id":"","reference_type":"","scores":[{"value":"0.00947","scoring_system":"epss","scoring_elements":"0.76688","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=579085","reference_id":"579085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=579085"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0220"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-q763-vfc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2437?format=json","vulnerability_id":"VCID-h77t-hk1k-cyej","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5017","reference_id":"","reference_type":"","scores":[{"value":"0.17422","scoring_system":"epss","scoring_elements":"0.95192","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470883","reference_id":"470883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017","reference_id":"CVE-2008-5017","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52","reference_id":"mfsa2008-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0978","reference_id":"RHSA-2008:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0978"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5017"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h77t-hk1k-cyej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115232?format=json","vulnerability_id":"VCID-h8au-2tec-kkbv","summary":"Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3101.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3101","reference_id":"","reference_type":"","scores":[{"value":"0.0174","scoring_system":"epss","scoring_elements":"0.82856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3101"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://security.gentoo.org/glsa/201205-03","reference_id":"GLSA-201205-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201205-03"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3101"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8au-2tec-kkbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2678?format=json","vulnerability_id":"VCID-h911-mxru-5kbh","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1304","reference_id":"","reference_type":"","scores":[{"value":"0.06664","scoring_system":"epss","scoring_elements":"0.91384","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1304"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496255","reference_id":"496255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304","reference_id":"CVE-2009-1304","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1304"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h911-mxru-5kbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2853?format=json","vulnerability_id":"VCID-h919-wzxu-wqge","summary":"Security researcher Aki Helin reported a crash\nin the YARR regular expression library that could be triggered by\njavascript in web content.\nThe YARR library was not used in older versions of\nthe Mozilla browser engine. This vulnerability does not affect\nFirefox 3.6 or Thunderbird 3.1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3661","reference_id":"","reference_type":"","scores":[{"value":"0.04527","scoring_system":"epss","scoring_elements":"0.8935","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3661"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661","reference_id":"CVE-2011-3661","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54","reference_id":"mfsa2011-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-54"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3661"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h919-wzxu-wqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2887?format=json","vulnerability_id":"VCID-h9km-q4fb-hkcm","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2996","reference_id":"","reference_type":"","scores":[{"value":"0.08708","scoring_system":"epss","scoring_elements":"0.92633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2996"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741903","reference_id":"741903","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996","reference_id":"CVE-2011-2996","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36","reference_id":"mfsa2011-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2996"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9km-q4fb-hkcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2413?format=json","vulnerability_id":"VCID-hfs6-4xea-hufa","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free while replacing/inserting a node in a document.\nThis use-after-free could possibly allow for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1946","reference_id":"","reference_type":"","scores":[{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81135","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1946"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827832","reference_id":"827832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946","reference_id":"CVE-2012-1946","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38","reference_id":"mfsa2012-38","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1946"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfs6-4xea-hufa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=json","vulnerability_id":"VCID-hfx9-d6d1-5kbv","summary":"Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry.  A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3987.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3987","reference_id":"","reference_type":"","scores":[{"value":"0.00812","scoring_system":"epss","scoring_elements":"0.74605","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3987"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546729","reference_id":"546729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987","reference_id":"CVE-2009-3987","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-71","reference_id":"mfsa2009-71","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3987"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfx9-d6d1-5kbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2684?format=json","vulnerability_id":"VCID-hgvh-r793-d7e1","summary":"Paul Nel reported that certain HTTP directives to\nnot cache web pages, Cache-Control: no-store and Cache-Control:\nno-cache for HTTPS pages, were being ignored by Firefox 3.  On a\nshared system, applications relying upon these HTTP directives could\npotentially expose private data.  Another user on the system could use\nthis vulnerability to view improperly cached pages containing private\ndata by navigating the browser back.Firefox 2 releases are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0358","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.4096","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0358"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483150","reference_id":"483150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358","reference_id":"CVE-2009-0358","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-06","reference_id":"mfsa2009-06","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0358"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgvh-r793-d7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2467?format=json","vulnerability_id":"VCID-hsqv-k32f-eqbv","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5511","reference_id":"","reference_type":"","scores":[{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77527","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5511"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476285","reference_id":"476285","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511","reference_id":"CVE-2008-5511","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5511"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68","reference_id":"mfsa2008-68","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5511"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsqv-k32f-eqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2861?format=json","vulnerability_id":"VCID-hsxq-pw7c-pydu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2993","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58599","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993","reference_id":"CVE-2011-2993","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2993"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsxq-pw7c-pydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2411?format=json","vulnerability_id":"VCID-hsyn-kqfm-7yfm","summary":"Security researcher Colby Russell discovered that eval in\nthe web console can execute injected code with chrome privileges, leading to the\nrunning of malicious code in a privileged context. This allows for arbitrary\ncode execution through a malicious web page if the web console is invoked by the\nuser.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3980","reference_id":"","reference_type":"","scores":[{"value":"0.02199","scoring_system":"epss","scoring_elements":"0.84723","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851939","reference_id":"851939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980","reference_id":"CVE-2012-3980","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-72","reference_id":"mfsa2012-72","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-72"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3980"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsyn-kqfm-7yfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2381?format=json","vulnerability_id":"VCID-hugz-ntms-1uge","summary":"Mozilla developers identified and fixed two top crashing bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. These bugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.The first of these bugs, a FreeType issue, is a mobile only issue which happens on custom kernels like Cyanogenmod, not on standard Android installations. The second bug is a websockets crash affecting Firefox 16 but not Firefox ESR.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4190","reference_id":"","reference_type":"","scores":[{"value":"0.08531","scoring_system":"epss","scoring_elements":"0.92529","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=872753","reference_id":"872753","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=872753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190","reference_id":"CVE-2012-4190","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88","reference_id":"mfsa2012-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4190"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hugz-ntms-1uge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115142?format=json","vulnerability_id":"VCID-huz9-qp3y-vfgg","summary":"Mozilla: SPDY information disclosure (MFSA 2012-73)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3977.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=859827","reference_id":"859827","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=859827"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3977"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huz9-qp3y-vfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2480?format=json","vulnerability_id":"VCID-hwk2-xetj-kke7","summary":"Mozilla security researcher moz_bug_r_a4 reported\nvulnerabilities in the session-restore feature by which content could be\ninjected into an incorrect document storage location, including\nstorage locations for other domains.  An attacker could utilize these\nissues to violate the browser's same-origin policy and perform an XSS\nattack while SessionStore data is being restored.moz_bug_r_a4 also reported that one variant could be used by an\nattacker to run arbitrary JavaScript with chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5513","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78336","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476289","reference_id":"476289","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513","reference_id":"CVE-2008-5513","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-69","reference_id":"mfsa2008-69","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5513"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwk2-xetj-kke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2878?format=json","vulnerability_id":"VCID-hwyg-nsg1-fub7","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements.  If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.  This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0083","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87691","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581","reference_id":"714581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083","reference_id":"CVE-2011-0083","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0083"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23","reference_id":"mfsa2011-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0083"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwyg-nsg1-fub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2049?format=json","vulnerability_id":"VCID-hyj5-89d4-wbcn","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5829","reference_id":"","reference_type":"","scores":[{"value":"0.04573","scoring_system":"epss","scoring_elements":"0.89395","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829","reference_id":"CVE-2012-5829","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02","reference_id":"mfsa2013-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"},{"reference_url":"https://usn.ubuntu.com/1681-1/","reference_id":"USN-1681-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1681-1/"},{"reference_url":"https://usn.ubuntu.com/1681-2/","reference_id":"USN-1681-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1681-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5829"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyj5-89d4-wbcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116605?format=json","vulnerability_id":"VCID-j2vk-hxur-cyfa","summary":"Thunderbird: DoS via large length property of a Select object","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2535.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2535","reference_id":"","reference_type":"","scores":[{"value":"0.08242","scoring_system":"epss","scoring_elements":"0.9237","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2535"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512909","reference_id":"512909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512909"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt","reference_id":"OSVDB-56253;CVE-2009-2535","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/9160.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2535"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2vk-hxur-cyfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2158?format=json","vulnerability_id":"VCID-j4wy-buq8-kfg5","summary":"Mozilla developer Daniel Holbert reported that the\nfix to the plugin parameter array crash that was fixed in Firefox\n3.6.7 caused a crash showing signs of memory corruption.  In certain\ncircumstances, properties in the plugin instance's parameter array\ncould be freed prematurely leaving a dangling pointer that the plugin\ncould execute, potentially calling into attacker-controlled\nmemory.Firefox 3.5.11 was also affected by the regression\nbut the equivalent pointer was always initialized to NULL and \nnot exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2755.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2755","reference_id":"","reference_type":"","scores":[{"value":"0.10163","scoring_system":"epss","scoring_elements":"0.93247","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=617657","reference_id":"617657","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=617657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755","reference_id":"CVE-2010-2755","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2755"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-48","reference_id":"mfsa2010-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0556","reference_id":"RHSA-2010:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0557","reference_id":"RHSA-2010:0557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0558","reference_id":"RHSA-2010:0558","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0558"},{"reference_url":"https://usn.ubuntu.com/930-6/","reference_id":"USN-930-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-6/"},{"reference_url":"https://usn.ubuntu.com/957-2/","reference_id":"USN-957-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2755"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4wy-buq8-kfg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2635?format=json","vulnerability_id":"VCID-j5rm-5key-eqh7","summary":"Mozilla security researcher Jesse Ruderman reported\nthat when security modules were added or removed\nvia pkcs11.addmodule or pkcs11.deletemodule,\nthe resulting dialog was not sufficiently informative.  Without\nsufficient warning, an attacker could entice a victim to install a\nmalicious PKCS11 module and affect the cryptographic integrity of the\nvictim's browser.Security researcher Dan Kaminsky reported that\nthis issue had not been fixed in Firefox 3.0 and that under certain\ncircumstances pkcs11 modules could be installed from a\nremote location.Firefox 3.5 releases are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3076.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3076","reference_id":"","reference_type":"","scores":[{"value":"0.17599","scoring_system":"epss","scoring_elements":"0.95218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3076"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521692","reference_id":"521692","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076","reference_id":"CVE-2009-3076","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3076"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt","reference_id":"CVE-2009-3076;OSVDB-57977","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9651.txt"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-48","reference_id":"mfsa2009-48","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3076"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5rm-5key-eqh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2805?format=json","vulnerability_id":"VCID-j62t-j6yb-7fdq","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0074","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.88942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700617","reference_id":"700617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074","reference_id":"CVE-2011-0074","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0074"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j62t-j6yb-7fdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2630?format=json","vulnerability_id":"VCID-j8zw-dg26-hfbe","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3379","reference_id":"","reference_type":"","scores":[{"value":"0.04866","scoring_system":"epss","scoring_elements":"0.89734","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3379"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=531765","reference_id":"531765","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=531765"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196","reference_id":"669196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379","reference_id":"CVE-2009-3379","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1561","reference_id":"RHSA-2009:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1561"},{"reference_url":"https://usn.ubuntu.com/861-1/","reference_id":"USN-861-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/861-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3379"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zw-dg26-hfbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2339?format=json","vulnerability_id":"VCID-j97m-u5ab-4yfx","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3958","reference_id":"","reference_type":"","scores":[{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84478","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3958"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958","reference_id":"CVE-2012-3958","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3958"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j97m-u5ab-4yfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2600?format=json","vulnerability_id":"VCID-jhrk-vntt-yqd7","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat a chrome XBL method can be used in conjunction\nwith window.eval to execute arbitrary JavaScript within\nthe context of another website, violating the same origin policy.Firefox 2 releases are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0354","reference_id":"","reference_type":"","scores":[{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.74222","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=483142","reference_id":"483142","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=483142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354","reference_id":"CVE-2009-0354","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-02","reference_id":"mfsa2009-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0256","reference_id":"RHSA-2009:0256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0256"},{"reference_url":"https://usn.ubuntu.com/717-1/","reference_id":"USN-717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0354"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhrk-vntt-yqd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2212?format=json","vulnerability_id":"VCID-jjgg-6xps-wud3","summary":"Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument.  The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext.  The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate.  A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2751","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58524","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615480","reference_id":"615480","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751","reference_id":"CVE-2010-2751","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45","reference_id":"mfsa2010-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2751"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjgg-6xps-wud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2891?format=json","vulnerability_id":"VCID-jmw4-gesh-4bfj","summary":"Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1202","reference_id":"","reference_type":"","scores":[{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.71052","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413","reference_id":"617413","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=684386","reference_id":"684386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=684386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202","reference_id":"CVE-2011-1202","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18","reference_id":"mfsa2011-18","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1265","reference_id":"RHSA-2012:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1265"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"},{"reference_url":"https://usn.ubuntu.com/1595-1/","reference_id":"USN-1595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1595-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-1202"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmw4-gesh-4bfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2642?format=json","vulnerability_id":"VCID-jppt-hyxw-gqa8","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2662","reference_id":"","reference_type":"","scores":[{"value":"0.07076","scoring_system":"epss","scoring_elements":"0.91664","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2662"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662","reference_id":"CVE-2009-2662","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2662"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2662"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jppt-hyxw-gqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2383?format=json","vulnerability_id":"VCID-jq9x-1rxz-1qb2","summary":"Mozilla developer Tim Abraldes reported that when encoding\nimages as image/vnd.microsoft.icon the resulting data was always a\nfixed size, with uninitialized memory appended as padding beyond the size of the\nactual image. This is the result of mImageBufferSize in the encoder being\ninitialized with a value different than the size of the source image. There is\nthe possibility of sensitive data from uninitialized memory being appended to a\nPNG image when converted from an ICO format image. This sensitive data may then\nbe disclosed in the resulting image.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0447","reference_id":"","reference_type":"","scores":[{"value":"0.006","scoring_system":"epss","scoring_elements":"0.69833","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447","reference_id":"CVE-2012-0447","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-06","reference_id":"mfsa2012-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-06"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0447"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9x-1rxz-1qb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115414?format=json","vulnerability_id":"VCID-jqh9-88vc-fyfc","summary":"firefox: Does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4688","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47547","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4688"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=761550","reference_id":"761550","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=761550"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-4688"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh9-88vc-fyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2396?format=json","vulnerability_id":"VCID-jqkh-dzuz-r7f1","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1937.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1937","reference_id":"","reference_type":"","scores":[{"value":"0.01723","scoring_system":"epss","scoring_elements":"0.82751","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1937"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937","reference_id":"CVE-2012-1937","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34","reference_id":"mfsa2012-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1937"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqkh-dzuz-r7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2614?format=json","vulnerability_id":"VCID-jt5p-kykj-7bcm","summary":"Mozilla security researcher Georgi Guninski\nreported that a website could use nsIRDFService and a\ncross-domain redirect to steal arbitrary XML data from another domain,\na violation of the same-origin policy.  This vulnerability could be\nused by a malicious website to steal private data from users\nauthenticated to the redirected website.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0776","reference_id":"","reference_type":"","scores":[{"value":"0.00865","scoring_system":"epss","scoring_elements":"0.75476","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488290","reference_id":"488290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776","reference_id":"CVE-2009-0776","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-09","reference_id":"mfsa2009-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"},{"reference_url":"https://usn.ubuntu.com/728-2/","reference_id":"USN-728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-2/"},{"reference_url":"https://usn.ubuntu.com/728-3/","reference_id":"USN-728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-3/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0776"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jt5p-kykj-7bcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115103?format=json","vulnerability_id":"VCID-jwu5-m6ea-d7cb","summary":"Mozilla: Select element persistance allows for attacks (MFSA 2012-75)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5354","reference_id":"","reference_type":"","scores":[{"value":"0.00885","scoring_system":"epss","scoring_elements":"0.75811","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616","reference_id":"863616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863616"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5354"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwu5-m6ea-d7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2883?format=json","vulnerability_id":"VCID-jzg1-phde-nqe5","summary":"Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0073","reference_id":"","reference_type":"","scores":[{"value":"0.81161","scoring_system":"epss","scoring_elements":"0.99182","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700619","reference_id":"700619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073","reference_id":"CVE-2011-0073","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip","reference_id":"CVE-2011-0073;OSVDB-72087","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17419.zip"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb","reference_id":"CVE-2011-0073;OSVDB-72087","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17520.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/ZDI-11-157/","reference_id":"CVE-2011-0073;OSVDB-72087","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-157/"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13","reference_id":"mfsa2011-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0073"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzg1-phde-nqe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2460?format=json","vulnerability_id":"VCID-k3e3-amtm-3qbz","summary":"Mozilla security researcher moz_bug_r_a4 reported a\nseries of vulnerabilities by which page content can pollute\nXPCNativeWrappers and have arbitrary code run with chrome privileges.\nOne variant reported by moz_bug_r_a4 only affected Firefox 2.Mozilla developer Olli Pettay reported that XSLT can\ncreate documents which do not have script handling objects.  moz_bug_r_a4\nalso reported that document.loadBindingDocument() returns a\ndocument that does not have a script handling object.  These issues could\nalso be used by an attacker to run arbitrary script with chrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4059","reference_id":"","reference_type":"","scores":[{"value":"0.07556","scoring_system":"epss","scoring_elements":"0.91972","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4059"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463192","reference_id":"463192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463192"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059","reference_id":"CVE-2008-4059","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4059"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41","reference_id":"mfsa2008-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4059"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3e3-amtm-3qbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=json","vulnerability_id":"VCID-k4zg-4qj2-r7eg","summary":"Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random().  Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user.  This additional variant is\nidentified as CVE-2010-3171.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5913","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63166","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5913"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=480938","reference_id":"480938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=480938"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913","reference_id":"CVE-2008-5913","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33","reference_id":"mfsa2010-33","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5913"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4zg-4qj2-r7eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2866?format=json","vulnerability_id":"VCID-k5t5-zv4u-w7am","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2374","reference_id":"","reference_type":"","scores":[{"value":"0.04023","scoring_system":"epss","scoring_elements":"0.88678","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374","reference_id":"CVE-2011-2374","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2374"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5t5-zv4u-w7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2616?format=json","vulnerability_id":"VCID-kakw-qs85-wkek","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3069","reference_id":"","reference_type":"","scores":[{"value":"0.05238","scoring_system":"epss","scoring_elements":"0.90135","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521684","reference_id":"521684","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069","reference_id":"CVE-2009-3069","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3069"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3069"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kakw-qs85-wkek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2629?format=json","vulnerability_id":"VCID-kg61-mkup-83e9","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3377","reference_id":"","reference_type":"","scores":[{"value":"0.07","scoring_system":"epss","scoring_elements":"0.91616","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3377"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=531770","reference_id":"531770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=531770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377","reference_id":"CVE-2009-3377","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3377"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kg61-mkup-83e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2222?format=json","vulnerability_id":"VCID-kh38-ksfk-b3cp","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3169","reference_id":"","reference_type":"","scores":[{"value":"0.03233","scoring_system":"epss","scoring_elements":"0.8731","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630055","reference_id":"630055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169","reference_id":"CVE-2010-3169","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49","reference_id":"mfsa2010-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3169"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kh38-ksfk-b3cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2880?format=json","vulnerability_id":"VCID-kjtt-7579-63ep","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements.  If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse.  This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0085.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0085","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87691","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0085"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581","reference_id":"714581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085","reference_id":"CVE-2011-0085","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0085"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23","reference_id":"mfsa2011-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0085"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjtt-7579-63ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2894?format=json","vulnerability_id":"VCID-kvbr-8c7s-ubey","summary":"Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3654","reference_id":"","reference_type":"","scores":[{"value":"0.08632","scoring_system":"epss","scoring_elements":"0.92584","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654","reference_id":"CVE-2011-3654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48","reference_id":"mfsa2011-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3654"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvbr-8c7s-ubey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2260?format=json","vulnerability_id":"VCID-kxv9-1d1t-rueg","summary":"Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4208","reference_id":"","reference_type":"","scores":[{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.69191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877627","reference_id":"877627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208","reference_id":"CVE-2012-4208","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99","reference_id":"mfsa2012-99","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-99"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4208"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxv9-1d1t-rueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2475?format=json","vulnerability_id":"VCID-kzs1-hx2t-y7da","summary":"Security researcher Hish reported that\nthe persist attribute in XUL elements can be used to\nstore cookie-like information on a user's computer which could later\nbe read by a website.  This creates a privacy issue for users who have\na non-standard cookie preference and wish to prevent sites from\nsetting cookies on their machine.  Even with cookies turned off, this\nissue could be used by a website to write persistent data in a user's\nbrowser and track the user across browsing sessions.  Additionally,\nthis issue could allow a website to bypass the limits normally placed\non cookie size and number.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5505","reference_id":"","reference_type":"","scores":[{"value":"0.00833","scoring_system":"epss","scoring_elements":"0.74956","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5505"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476274","reference_id":"476274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505","reference_id":"CVE-2008-5505","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5505"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-63","reference_id":"mfsa2008-63","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5505"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzs1-hx2t-y7da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2348?format=json","vulnerability_id":"VCID-m66w-2zgj-kqhr","summary":"Security researcher Soroush Dalili reported that a\ncombination of invoking full screen mode and navigating backwards in history\ncould, in some circumstances, cause a hang or crash due to a timing dependent\nuse-after-free pointer reference. This crash may be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3988","reference_id":"","reference_type":"","scores":[{"value":"0.0399","scoring_system":"epss","scoring_elements":"0.88619","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3988"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863619","reference_id":"863619","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988","reference_id":"CVE-2012-3988","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-79","reference_id":"mfsa2012-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3988"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m66w-2zgj-kqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2450?format=json","vulnerability_id":"VCID-m6ya-dpyt-fyas","summary":"Mozilla developers identified and fixed several stability bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these crashes\nshowed evidence of memory corruption under certain circumstances and we presume\nthat with enough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and could be\nvulnerable if JavaScript were to be enabled in mail. This is not the default\nsetting and we strongly discourage users from running JavaScript in\nmail. Without further investigation we cannot rule out the possibility that for\nsome of these an attacker might be able to prepare memory for exploitation\nthrough some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5502","reference_id":"","reference_type":"","scores":[{"value":"0.03767","scoring_system":"epss","scoring_elements":"0.88247","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5502"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476269","reference_id":"476269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502","reference_id":"CVE-2008-5502","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5502"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60","reference_id":"mfsa2008-60","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5502"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6ya-dpyt-fyas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2178?format=json","vulnerability_id":"VCID-m7be-rjrq-r7gv","summary":"Mozilla developer Blake Kaplan reported that the \nwindow.location object was made a normal overridable JavaScript object\nin the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms\nwere developed to enforce the same-origin policy between windows and frames.\nThis object is unfortunately also used by some plugins to determine the page\norigin used for access restrictions. A malicious page could override this\nobject to fool a plugin into granting access to data on another site or the\nlocal file system. The behavior of older Firefox versions has been restored.\nThis flaw does not affect earlier versions of Firefox, or other\nprograms such as Thunderbird or SeaMonkey built on older versions\nof the browser engine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0170","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66287","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170","reference_id":"CVE-2010-0170","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10","reference_id":"mfsa2010-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0170"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7be-rjrq-r7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2354?format=json","vulnerability_id":"VCID-m8k4-hqc3-57f8","summary":"Security researcher Collin Jackson reported a violation of\nthe HTML5 specifications for document.domain behavior. Specified\nbehavior requires pages to only have access to windows in a new\ndocument.domain but the observed violation allowed pages to retain\naccess to windows from the page's initial origin in addition to the new\ndocument.domain. This could potentially lead to cross-site\nscripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3985","reference_id":"","reference_type":"","scores":[{"value":"0.00924","scoring_system":"epss","scoring_elements":"0.76394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3985"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863617","reference_id":"863617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985","reference_id":"CVE-2012-3985","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-76","reference_id":"mfsa2012-76","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-76"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3985"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8k4-hqc3-57f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2620?format=json","vulnerability_id":"VCID-m92z-gnyf-gucn","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3074","reference_id":"","reference_type":"","scores":[{"value":"0.06345","scoring_system":"epss","scoring_elements":"0.9115","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3074"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521690","reference_id":"521690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074","reference_id":"CVE-2009-3074","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3074"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3074"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m92z-gnyf-gucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2677?format=json","vulnerability_id":"VCID-meap-trqg-3qh9","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1303","reference_id":"","reference_type":"","scores":[{"value":"0.02802","scoring_system":"epss","scoring_elements":"0.86389","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1303"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496253","reference_id":"496253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303","reference_id":"CVE-2009-1303","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1303"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-meap-trqg-3qh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2331?format=json","vulnerability_id":"VCID-mf9j-kke2-bfak","summary":"Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4184","reference_id":"","reference_type":"","scores":[{"value":"0.01102","scoring_system":"epss","scoring_elements":"0.78395","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4184"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623","reference_id":"863623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184","reference_id":"CVE-2012-4184","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83","reference_id":"mfsa2012-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4184"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mf9j-kke2-bfak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2249?format=json","vulnerability_id":"VCID-mfnv-gyq3-eufj","summary":"Security researcher Paul Stone reported an attack where an\nHTML page hosted on a Windows share and then loaded could then load Windows\nshortcut files (.lnk) in the same share. These shortcut files could then link to\narbitrary locations on the local file system of the individual loading the HTML\npage. That page could show the contents of these linked files or directories\nfrom the local file system in an iframe, causing information disclosure.\nThis issue could potentially affect Linux machines with samba\nshares enabled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1945","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.4096","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1945"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827831","reference_id":"827831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945","reference_id":"CVE-2012-1945","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-37","reference_id":"mfsa2012-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1945"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfnv-gyq3-eufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2205?format=json","vulnerability_id":"VCID-mg1g-83ha-ekgc","summary":"Mozilla cryptographer Nelson Bolyard reported that\nthe SSL implementation was permitting servers to use Diffie-Hellman\nEphemeral mode (DHE) with too short of a minimum key length.  DHE keys\nof such lengths are trivially breakable on modern hardware so SSL\nservers operating in this mode were providing very little effective\nsecurity for their clients.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3173","reference_id":"","reference_type":"","scores":[{"value":"0.02315","scoring_system":"epss","scoring_elements":"0.85078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3173"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642302","reference_id":"642302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173","reference_id":"CVE-2010-3173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-72","reference_id":"mfsa2010-72","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-72"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://usn.ubuntu.com/1007-1/","reference_id":"USN-1007-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1007-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3173"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mg1g-83ha-ekgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2380?format=json","vulnerability_id":"VCID-mhjx-g26j-87gc","summary":"Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3970","reference_id":"","reference_type":"","scores":[{"value":"0.02745","scoring_system":"epss","scoring_elements":"0.86263","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3970"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922","reference_id":"851922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970","reference_id":"CVE-2012-3970","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3970"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63","reference_id":"mfsa2012-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3970"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhjx-g26j-87gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2410?format=json","vulnerability_id":"VCID-mpwt-9awb-mkh4","summary":"Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. This can be combined with other issues to become potentially\nexploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3978","reference_id":"","reference_type":"","scores":[{"value":"0.01292","scoring_system":"epss","scoring_elements":"0.80012","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3978"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851937","reference_id":"851937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978","reference_id":"CVE-2012-3978","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-70","reference_id":"mfsa2012-70","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3978"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mpwt-9awb-mkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2290?format=json","vulnerability_id":"VCID-mq5h-749h-53ff","summary":"Mozilla developer Johnny Stenback discovered that several\nmethods of a feature used for testing (DOMWindowUtils) are not protected by\nexisting security checks, allowing these methods to be called through script by\nweb pages. This was addressed by adding the existing security checks to these\nmethods.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3986","reference_id":"","reference_type":"","scores":[{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.75068","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863618","reference_id":"863618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986","reference_id":"CVE-2012-3986","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-77","reference_id":"mfsa2012-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-77"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3986"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq5h-749h-53ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2242?format=json","vulnerability_id":"VCID-mr6q-j2dx-yub6","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3967.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3967","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69629","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920","reference_id":"851920","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967","reference_id":"CVE-2012-3967","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3967"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62","reference_id":"mfsa2012-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3967"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mr6q-j2dx-yub6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2659?format=json","vulnerability_id":"VCID-msm9-wpc5-uyhc","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0771","reference_id":"","reference_type":"","scores":[{"value":"0.07679","scoring_system":"epss","scoring_elements":"0.92047","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488272","reference_id":"488272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771","reference_id":"CVE-2009-0771","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0771"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msm9-wpc5-uyhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2657?format=json","vulnerability_id":"VCID-mua7-tbmx-6fgr","summary":"An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, reported that the columns of a XUL tree element could be\nmanipulated in a particular way which would leave a pointer owned by\nthe column pointing to freed memory.  An attacker could potentially\nuse this vulnerability to crash a victim's browser and run arbitrary\ncode on the victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3077","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90327","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521693","reference_id":"521693","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077","reference_id":"CVE-2009-3077","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3077"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-49","reference_id":"mfsa2009-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3077"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mua7-tbmx-6fgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2191?format=json","vulnerability_id":"VCID-mvt7-a39m-s7ag","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3176","reference_id":"","reference_type":"","scores":[{"value":"0.03853","scoring_system":"epss","scoring_elements":"0.88413","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642272","reference_id":"642272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176","reference_id":"CVE-2010-3176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3176"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvt7-a39m-s7ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2408?format=json","vulnerability_id":"VCID-mwtn-7mbw-bfc6","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1948","reference_id":"","reference_type":"","scores":[{"value":"0.03101","scoring_system":"epss","scoring_elements":"0.87047","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840201","reference_id":"840201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948","reference_id":"CVE-2012-1948","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42","reference_id":"mfsa2012-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1948"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwtn-7mbw-bfc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2893?format=json","vulnerability_id":"VCID-mz1n-193x-qqhn","summary":"Mozilla developers fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3652","reference_id":"","reference_type":"","scores":[{"value":"0.03926","scoring_system":"epss","scoring_elements":"0.88524","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652","reference_id":"CVE-2011-3652","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48","reference_id":"mfsa2011-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-48"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3652"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mz1n-193x-qqhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2803?format=json","vulnerability_id":"VCID-mza1-376r-c3bm","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0070","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.88839","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700640","reference_id":"700640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070","reference_id":"CVE-2011-0070","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0070"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mza1-376r-c3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2611?format=json","vulnerability_id":"VCID-n2jn-bkz2-yygh","summary":"Security researcher Takehiro Takahashi of the IBM\nX-Force reported that Mozilla's NTLM implementation was vulnerable to\nreflection attacks in which NTLM credentials from one application\ncould be forwarded to another arbitrary application via the browser.\nIf an attacker could get a user to visit a web page he controlled he\ncould force NTLM authenticated requests to be forwarded to another\napplication on behalf of the user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3983","reference_id":"","reference_type":"","scores":[{"value":"0.00664","scoring_system":"epss","scoring_elements":"0.7158","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546720","reference_id":"546720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983","reference_id":"CVE-2009-3983","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-68","reference_id":"mfsa2009-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1673","reference_id":"RHSA-2009:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3983"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-bkz2-yygh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2259?format=json","vulnerability_id":"VCID-n4a2-kntd-sug6","summary":"Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0446","reference_id":"","reference_type":"","scores":[{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.62904","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446","reference_id":"CVE-2012-0446","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05","reference_id":"mfsa2012-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0446"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4a2-kntd-sug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2660?format=json","vulnerability_id":"VCID-n4t9-vspp-y7br","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0772","reference_id":"","reference_type":"","scores":[{"value":"0.07324","scoring_system":"epss","scoring_elements":"0.91828","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488273","reference_id":"488273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772","reference_id":"CVE-2009-0772","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0258","reference_id":"RHSA-2009:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0325","reference_id":"RHSA-2009:0325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0325"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"},{"reference_url":"https://usn.ubuntu.com/728-2/","reference_id":"USN-728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-2/"},{"reference_url":"https://usn.ubuntu.com/728-3/","reference_id":"USN-728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-3/"},{"reference_url":"https://usn.ubuntu.com/741-1/","reference_id":"USN-741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/741-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0772"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4t9-vspp-y7br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2685?format=json","vulnerability_id":"VCID-n4ww-93jx-8uhk","summary":"Security researcher Orlando Berrera of Sec Theory\nreported that recursive creation of JavaScript web-workers can be used\nto create a set of objects whose memory could be freed prior to their\nuse.  These conditions often result in a crash which could potentially\nbe used by an attacker to run arbitrary code on a victim's\ncomputer.Web Workers were introduced in Firefox 3.5 so this\nvulnerability did not affect earlier releases such as Firefox 3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3371","reference_id":"","reference_type":"","scores":[{"value":"0.02682","scoring_system":"epss","scoring_elements":"0.86124","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371","reference_id":"CVE-2009-3371","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54","reference_id":"mfsa2009-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3371"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4ww-93jx-8uhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=json","vulnerability_id":"VCID-nbbh-ws5y-3uh4","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. This can cause a crash during decoding and has\nthe potential for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0444","reference_id":"","reference_type":"","scores":[{"value":"0.08973","scoring_system":"epss","scoring_elements":"0.92753","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197","reference_id":"664197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196","reference_id":"669196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=786026","reference_id":"786026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=786026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444","reference_id":"CVE-2012-0444","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07","reference_id":"mfsa2012-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0136","reference_id":"RHSA-2012:0136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0136"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"},{"reference_url":"https://usn.ubuntu.com/1370-1/","reference_id":"USN-1370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1370-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0444"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2138?format=json","vulnerability_id":"VCID-nchh-872w-vkh3","summary":"Mozilla developer Justin Dolske reported that the new\nasynchronous Authorization Prompt (HTTP username and password) was not\nalways attached to the correct window. Although we have not\ndemonstrated this, it may be possible for a malicious page to convince\na user to open a new tab or popup to a trusted service and then have\nthe HTTP authorization prompt from the malicious page appear to be\nthe login prompt for the trusted page. This potential attack is greatly\nmitigated by the fact that very few web sites use HTTP authorization,\npreferring instead to use web forms and cookies.This issue does not affect older versions of Firefox or\nproducts based on the Mozilla browser engine, such as Thunderbird and\nSeaMonkey, using an older version of the engine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0172","reference_id":"","reference_type":"","scores":[{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67804","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172","reference_id":"CVE-2010-0172","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-15","reference_id":"mfsa2010-15","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0172"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nchh-872w-vkh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2827?format=json","vulnerability_id":"VCID-ngf4-yj5g-qfg2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0084.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0084","reference_id":"","reference_type":"","scores":[{"value":"0.05475","scoring_system":"epss","scoring_elements":"0.90364","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730519","reference_id":"730519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084","reference_id":"CVE-2011-0084","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29","reference_id":"mfsa2011-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31","reference_id":"mfsa2011-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-31"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33","reference_id":"mfsa2011-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1166","reference_id":"RHSA-2011:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1166"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"},{"reference_url":"https://usn.ubuntu.com/1192-1/","reference_id":"USN-1192-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1192-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0084"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngf4-yj5g-qfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2807?format=json","vulnerability_id":"VCID-nm6h-k6v3-qbeu","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0077","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.88942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700613","reference_id":"700613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077","reference_id":"CVE-2011-0077","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0077"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nm6h-k6v3-qbeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2370?format=json","vulnerability_id":"VCID-np3j-5bej-jbcf","summary":"Mozilla community member Daniel Glazman of Disruptive\nInnovations reported a crash when accessing a keyframe's cssText after dynamic\nmodification. This crash may be potentially exploitable.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0459","reference_id":"","reference_type":"","scores":[{"value":"0.03436","scoring_system":"epss","scoring_elements":"0.87699","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803112","reference_id":"803112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459","reference_id":"CVE-2012-0459","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0459"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17","reference_id":"mfsa2012-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0459"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-np3j-5bej-jbcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=json","vulnerability_id":"VCID-ns97-bju9-4kam","summary":"Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements.  A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem.  This integer is later used in allocating a memory buffer used\nto store the plugin parameters.  Under such conditions, too small a\nbuffer would be created and attacker-controlled data could be written\npast the end of the buffer, potentially resulting in code\nexecution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1214","reference_id":"","reference_type":"","scores":[{"value":"0.0734","scoring_system":"epss","scoring_elements":"0.91838","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1214"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615462","reference_id":"615462","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214","reference_id":"CVE-2010-1214","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py","reference_id":"CVE-2010-1214","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/15027.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt","reference_id":"CVE-2010-1214;OSVDB-66594","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34358.txt"},{"reference_url":"https://www.securityfocus.com/bid/41842/info","reference_id":"CVE-2010-1214;OSVDB-66594","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/41842/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37","reference_id":"mfsa2010-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1214"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ns97-bju9-4kam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2368?format=json","vulnerability_id":"VCID-nvpe-v8jh-fqdk","summary":"Security researcher Mario Heiderich reported that javascript\ncould be executed in the HTML feed-view using <embed> tag\nwithin the RSS <description>. This problem is due to\n<embed> tags not being filtered out during parsing and can\nlead to a potential cross-site scripting (XSS) attack. The flaw existed in a\nparser utility class and could affect other parts of the browser or add-ons\nwhich rely on that class to sanitize untrusted input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1957","reference_id":"","reference_type":"","scores":[{"value":"0.00998","scoring_system":"epss","scoring_elements":"0.77317","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840208","reference_id":"840208","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840208"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957","reference_id":"CVE-2012-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47","reference_id":"mfsa2012-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1957"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvpe-v8jh-fqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2609?format=json","vulnerability_id":"VCID-nzh8-6y4s-b3ha","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1832.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1832","reference_id":"","reference_type":"","scores":[{"value":"0.1037","scoring_system":"epss","scoring_elements":"0.93338","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503569","reference_id":"503569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832","reference_id":"CVE-2009-1832","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24","reference_id":"mfsa2009-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1832"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzh8-6y4s-b3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2395?format=json","vulnerability_id":"VCID-p4hy-8me4-wyhk","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1939.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1939","reference_id":"","reference_type":"","scores":[{"value":"0.03612","scoring_system":"epss","scoring_elements":"0.87995","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1939"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829","reference_id":"827829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939","reference_id":"CVE-2012-1939","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34","reference_id":"mfsa2012-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1939"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4hy-8me4-wyhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116463?format=json","vulnerability_id":"VCID-pby3-xaup-j3cw","summary":"firefox: (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1563.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530162","reference_id":"530162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530162"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1563"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pby3-xaup-j3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116609?format=json","vulnerability_id":"VCID-pcxh-pchx-33ar","summary":"firefox 3.5 various flaws","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2478","reference_id":"","reference_type":"","scores":[{"value":"0.04071","scoring_system":"epss","scoring_elements":"0.88745","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228","reference_id":"511228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py","reference_id":"OSVDB-55932;CVE-2009-2478","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9181.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2478"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcxh-pchx-33ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116377?format=json","vulnerability_id":"VCID-pdqy-18cz-tkhb","summary":"webkit: stylesheet URL property leaks redirection target","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0648","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.6352","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0648"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=568170","reference_id":"568170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=568170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0648"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdqy-18cz-tkhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=json","vulnerability_id":"VCID-pjqn-kghb-k7fs","summary":"Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be accessed by browser chrome for use in styling\nthe user interface.  A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0169","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.6251","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576694","reference_id":"576694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169","reference_id":"CVE-2010-0169","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-14","reference_id":"mfsa2010-14","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0113","reference_id":"RHSA-2010:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0169"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqn-kghb-k7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2235?format=json","vulnerability_id":"VCID-pmmt-y31z-q3h1","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0442","reference_id":"","reference_type":"","scores":[{"value":"0.01441","scoring_system":"epss","scoring_elements":"0.81067","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0442"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=785085","reference_id":"785085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=785085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442","reference_id":"CVE-2012-0442","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01","reference_id":"mfsa2012-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0084","reference_id":"RHSA-2012:0084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0084"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0085","reference_id":"RHSA-2012:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0085"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0442"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmmt-y31z-q3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2675?format=json","vulnerability_id":"VCID-pua3-9myf-akfg","summary":"Security researcher Juan Pablo Lopez Yacubian\nreported that the default Windows font used to render the locationbar\nand other text fields was improperly displaying certain Unicode\ncharacters with tall line-height.  In such cases the tall line-height\nwould cause the rest of the text in the input field to be scrolled\nvertically out of view.  An attacker could use this vulnerability to\nprevent a user from seeing the URL of a malicious site.Corrie Sloot also independently reported this\nissue to Mozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3078","reference_id":"","reference_type":"","scores":[{"value":"0.01724","scoring_system":"epss","scoring_elements":"0.8276","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3078"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521694","reference_id":"521694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078","reference_id":"CVE-2009-3078","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3078"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-50","reference_id":"mfsa2009-50","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3078"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pua3-9myf-akfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2194?format=json","vulnerability_id":"VCID-pykb-a18b-dbf8","summary":"Security researcher Chris Rohlf of Matasano\nSecurity reported that the implementation of the HTML frameset element\ncontained an integer overflow vulnerability.  The code responsible for\nparsing the frameset columns used an 8-byte counter for the column\nnumbers, so when a very large number of columns was passed in the\ncounter would overflow.  When this counter was subsequently used to\nallocate memory for the frameset, the memory buffer would be too\nsmall, potentially resulting in a heap buffer overflow and execution\nof attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2765","reference_id":"","reference_type":"","scores":[{"value":"0.04021","scoring_system":"epss","scoring_elements":"0.8867","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630056","reference_id":"630056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765","reference_id":"CVE-2010-2765","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-50","reference_id":"mfsa2010-50","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-50"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2765"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pykb-a18b-dbf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2470?format=json","vulnerability_id":"VCID-q1mu-jcve-4kgv","summary":"Georgi Guninski reported a buffer overflow in the handling of cancelled newsgroup messages.  The error was caused by too small a heap buffer being allocated to store message header information.  This buffer could be overrun by an attacker using a specially crafted message which could crash the mail reader and potentially be used to run arbitrary code on the victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4070","reference_id":"","reference_type":"","scores":[{"value":"0.02832","scoring_system":"epss","scoring_elements":"0.86452","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=464041","reference_id":"464041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=464041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070","reference_id":"CVE-2008-4070","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-46","reference_id":"mfsa2008-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4070"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1mu-jcve-4kgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2336?format=json","vulnerability_id":"VCID-q24e-mb35-tqhk","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1976","reference_id":"","reference_type":"","scores":[{"value":"0.03172","scoring_system":"epss","scoring_elements":"0.87177","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1976"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976","reference_id":"CVE-2012-1976","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1976"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q24e-mb35-tqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2219?format=json","vulnerability_id":"VCID-q5qh-c85t-tygr","summary":"Mozilla added the OTS\nfont sanitizing library to prevent downloadable fonts from exposing\nvulnerabilities in the underlying OS font code. This library mitigates\nagainst several issues independently reported by Red Hat Security\nResponse Team member Marc Schoenefeld and Mozilla\nsecurity researcher Christoph Diehl.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3768","reference_id":"","reference_type":"","scores":[{"value":"0.06139","scoring_system":"epss","scoring_elements":"0.90966","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660420","reference_id":"660420","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768","reference_id":"CVE-2010-3768","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-78","reference_id":"mfsa2010-78","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-78"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0969","reference_id":"RHSA-2010:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0969"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3768"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5qh-c85t-tygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2886?format=json","vulnerability_id":"VCID-q6wy-vbkn-5ybk","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2995.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2995","reference_id":"","reference_type":"","scores":[{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.86064","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741902","reference_id":"741902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995","reference_id":"CVE-2011-2995","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36","reference_id":"mfsa2011-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://usn.ubuntu.com/1210-1/","reference_id":"USN-1210-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1210-1/"},{"reference_url":"https://usn.ubuntu.com/1213-1/","reference_id":"USN-1213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1213-1/"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2995"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6wy-vbkn-5ybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2377?format=json","vulnerability_id":"VCID-q89u-vxqk-mbhv","summary":"Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4201","reference_id":"","reference_type":"","scores":[{"value":"0.01959","scoring_system":"epss","scoring_elements":"0.83825","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877616","reference_id":"877616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201","reference_id":"CVE-2012-4201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93","reference_id":"mfsa2012-93","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4201"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q89u-vxqk-mbhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=json","vulnerability_id":"VCID-q9j1-5s74-5ugv","summary":"Security research Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3972","reference_id":"","reference_type":"","scores":[{"value":"0.04549","scoring_system":"epss","scoring_elements":"0.89373","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851924","reference_id":"851924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972","reference_id":"CVE-2012-3972","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65","reference_id":"mfsa2012-65","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3972"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9j1-5s74-5ugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2622?format=json","vulnerability_id":"VCID-q9yf-bpwj-cfcy","summary":"Security researcher Gregory Fleischer reported\nthat text within a selection on a web page can be read by JavaScript\nin a different domain using the document.getSelection\nfunction, violating the same-origin policy.  Since this vulnerability\nrequires user interaction to exploit, its severity was determined to\nbe moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3375","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64526","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530167","reference_id":"530167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375","reference_id":"CVE-2009-3375","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61","reference_id":"mfsa2009-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3375"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yf-bpwj-cfcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140824?format=json","vulnerability_id":"VCID-qajb-6htt-h7cq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3073","reference_id":"","reference_type":"","scores":[{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81343","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3073"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2007-3073"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qajb-6htt-h7cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2193?format=json","vulnerability_id":"VCID-qb9j-sn9f-hye6","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3174","reference_id":"","reference_type":"","scores":[{"value":"0.03201","scoring_system":"epss","scoring_elements":"0.87239","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174","reference_id":"CVE-2010-3174","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3174"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3174"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qb9j-sn9f-hye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2201?format=json","vulnerability_id":"VCID-qd2f-p5n6-yqa8","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3778","reference_id":"","reference_type":"","scores":[{"value":"0.05098","scoring_system":"epss","scoring_elements":"0.89992","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778","reference_id":"CVE-2010-3778","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3778"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74","reference_id":"mfsa2010-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3778"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qd2f-p5n6-yqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2142?format=json","vulnerability_id":"VCID-qerq-fger-47fb","summary":"Security researcher wushi of team509 reported that\nwhen a XUL tree had an HTML <div> element nested inside a\n<treechildren> element then code attempting to display content\nin the XUL tree would incorrectly treat the <div> element as a\nparent node to tree content underneath it resulting in incorrect\nindexes being calculated for the child content.  These incorrect\nindexes were used in subsequent array operations which resulted in\nwriting data past the end of an allocated buffer.  An attacker could\nuse this issue to crash a victim's browser and run arbitrary code on\ntheir machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3772","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90327","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660419","reference_id":"660419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772","reference_id":"CVE-2010-3772","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-77","reference_id":"mfsa2010-77","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-77"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0968","reference_id":"RHSA-2010:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0968"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3772"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qerq-fger-47fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115552?format=json","vulnerability_id":"VCID-qmjx-ueen-sqaw","summary":"Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2605","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57422","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2605"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2605"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmjx-ueen-sqaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=json","vulnerability_id":"VCID-qq5u-em1p-9kat","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0173","reference_id":"","reference_type":"","scores":[{"value":"0.0757","scoring_system":"epss","scoring_elements":"0.91981","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173","reference_id":"CVE-2010-0173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16","reference_id":"mfsa2010-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0173"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5u-em1p-9kat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106633?format=json","vulnerability_id":"VCID-qs4d-hm8w-jfcm","summary":"The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2437","reference_id":"","reference_type":"","scores":[{"value":"0.03757","scoring_system":"epss","scoring_elements":"0.88237","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2437"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936","reference_id":"422936","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422936"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt","reference_id":"CVE-2007-2437;OSVDB-34905","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/29939.txt"},{"reference_url":"https://www.securityfocus.com/bid/23741/info","reference_id":"CVE-2007-2437;OSVDB-34905","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23741/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2007-2437"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs4d-hm8w-jfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115597?format=json","vulnerability_id":"VCID-qsqe-9qf4-tqag","summary":"firefox: doesn't (re)validate certificates when loading HTTPS page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0082","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62568","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=709165","reference_id":"709165","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=709165"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0082"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqe-9qf4-tqag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2623?format=json","vulnerability_id":"VCID-qtgw-bjrx-sug7","summary":"IOActive security researcher Dan Kaminsky reported a\nmismatch in the treatment of domain names in SSL certificates between SSL\nclients and the Certificate Authorities (CA) which issue server certificates.\nIn particular, if a malicious person requested a certificate for a host name\nwith an invalid null character in it most CAs would issue the\ncertificate if the requester owned the domain specified after the null, while\nmost SSL clients (browsers) ignored that part of the name and used the\nunvalidated part in front of the null. This made it possible for attackers to\nobtain certificates that would function for any site they wished to target.\nThese certificates could be used to intercept and potentially alter encrypted\ncommunication between the client and a server such as sensitive bank\naccount transactions.This vulnerability was independently reported to us by researcher\nMoxie Marlinspike who also noted that since Firefox\nrelies on SSL to protect the integrity of security updates this attack\ncould be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability\nResearch team for coordinating a multiple-vendor response to this problem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2408","reference_id":"","reference_type":"","scores":[{"value":"0.01855","scoring_system":"epss","scoring_elements":"0.83376","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=510251","reference_id":"510251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=510251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934","reference_id":"539934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408","reference_id":"CVE-2009-2408","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-42","reference_id":"mfsa2009-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1184","reference_id":"RHSA-2009:1184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1186","reference_id":"RHSA-2009:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1190","reference_id":"RHSA-2009:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1207","reference_id":"RHSA-2009:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://usn.ubuntu.com/810-1/","reference_id":"USN-810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2408"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtgw-bjrx-sug7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2650?format=json","vulnerability_id":"VCID-qu47-gy34-3fhf","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the XPCOM utility XPCVariant::VariantDataToJS\nunwrapped doubly-wrapped objects before returning them to chrome\ncallers.  This could result in chrome privileged code calling methods\non an object which had previously been created or modified by web\ncontent, potentially executing malicious JavaScript code with chrome\nprivileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3374","reference_id":"","reference_type":"","scores":[{"value":"0.00887","scoring_system":"epss","scoring_elements":"0.75836","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530157","reference_id":"530157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374","reference_id":"CVE-2009-3374","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57","reference_id":"mfsa2009-57","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3374"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qu47-gy34-3fhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2457?format=json","vulnerability_id":"VCID-qy7t-uj8w-cyg3","summary":"Mozilla developer Georgi Guninski reported that\nthe canvas element could be used in conjunction with an HTTP redirect\nto bypass same-origin restrictions and gain access to the content in\narbitrary images from other domains.  This vulnerability could be used\nby an attacker to steal private information from a victim who is\nlogged into a website that stores the data in images.Security researchers Michal Zalewski\nand Chris Evans also reported an additional threat\ncaused by this vulnerability in which an attacker can enumerate the\nsoftware installed on a victim's computer by using moz-icon as the\nredirection target.Firefox 3 is not affected by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5012","reference_id":"","reference_type":"","scores":[{"value":"0.05969","scoring_system":"epss","scoring_elements":"0.90822","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5012"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=470864","reference_id":"470864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=470864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012","reference_id":"CVE-2008-5012","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-48","reference_id":"mfsa2008-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-48"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0976","reference_id":"RHSA-2008:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0977","reference_id":"RHSA-2008:0977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0977"},{"reference_url":"https://usn.ubuntu.com/667-1/","reference_id":"USN-667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/667-1/"},{"reference_url":"https://usn.ubuntu.com/668-1/","reference_id":"USN-668-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/668-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5012"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy7t-uj8w-cyg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=json","vulnerability_id":"VCID-qys7-5evw-9yh6","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3968.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3968","reference_id":"","reference_type":"","scores":[{"value":"0.01852","scoring_system":"epss","scoring_elements":"0.83363","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920","reference_id":"851920","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968","reference_id":"CVE-2012-3968","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62","reference_id":"mfsa2012-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3968"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qys7-5evw-9yh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2842?format=json","vulnerability_id":"VCID-qz3r-49sk-53c9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2980","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980","reference_id":"CVE-2011-2980","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2980"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qz3r-49sk-53c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2338?format=json","vulnerability_id":"VCID-r13k-4hde-9uhe","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3957","reference_id":"","reference_type":"","scores":[{"value":"0.02961","scoring_system":"epss","scoring_elements":"0.86744","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957","reference_id":"CVE-2012-3957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3957"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r13k-4hde-9uhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2152?format=json","vulnerability_id":"VCID-r1ky-v2fu-mfbz","summary":"Security researcher Sergey Glazunov reported that\nit was possible to access the locationbar property of\na window object after it had been closed.  Since the\nclosed window's memory could have been subsequently\nreused by the system it was possible that an attempt to access\nthe locationbar property could result in the execution of\nattacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3180","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90327","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642283","reference_id":"642283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180","reference_id":"CVE-2010-3180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-66","reference_id":"mfsa2010-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3180"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ky-v2fu-mfbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2343?format=json","vulnerability_id":"VCID-r3ec-2a2x-q3az","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3962","reference_id":"","reference_type":"","scores":[{"value":"0.04219","scoring_system":"epss","scoring_elements":"0.88946","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962","reference_id":"CVE-2012-3962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3962"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3ec-2a2x-q3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2593?format=json","vulnerability_id":"VCID-r3sj-cqnz-aqha","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2464","reference_id":"","reference_type":"","scores":[{"value":"0.17716","scoring_system":"epss","scoring_elements":"0.9524","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512133","reference_id":"512133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464","reference_id":"CVE-2009-2464","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2464"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt","reference_id":"CVE-2009-2464;OSVDB-56229","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33101.txt"},{"reference_url":"https://www.securityfocus.com/bid/35775/info","reference_id":"CVE-2009-2464;OSVDB-56229","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35775/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2464"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3sj-cqnz-aqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2386?format=json","vulnerability_id":"VCID-r5p4-r6th-1fft","summary":"Security researcher Karthikeyan Bhargavan of Prosecco at\nINRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the \"report-uri\" location\ninclude sensitive data within the \"blocked-uri\" parameter. These include\nfragment components and query strings even if the \"blocked-uri\" parameter has a\ndifferent origin than the protected resource. This can be used to retrieve a\nuser's OAuth 2.0 access tokens and OpenID credentials by malicious sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1963","reference_id":"","reference_type":"","scores":[{"value":"0.01487","scoring_system":"epss","scoring_elements":"0.81368","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840220","reference_id":"840220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963","reference_id":"CVE-2012-1963","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53","reference_id":"mfsa2012-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1963"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5p4-r6th-1fft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2285?format=json","vulnerability_id":"VCID-r6d4-xcvs-dfdn","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5843","reference_id":"","reference_type":"","scores":[{"value":"0.01532","scoring_system":"epss","scoring_elements":"0.81649","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5843"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877613","reference_id":"877613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843","reference_id":"CVE-2012-5843","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91","reference_id":"mfsa2012-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-91"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5843"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6d4-xcvs-dfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2352?format=json","vulnerability_id":"VCID-r6wt-uf7r-s7fn","summary":"Security researcher Atte Kettunen from OUSPG found two\nissues with Firefox's handling of SVG using the Address Sanitizer tool. The\nfirst issue, critically rated, is a use-after-free in SVG animation that could\npotentially lead to arbitrary code execution. The second issue is rated moderate\nand is an out of bounds read in SVG Filters. This could potentially incorporate\ndata from the user's memory, making it accessible to the page content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0456","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74312","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0456"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116","reference_id":"803116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456","reference_id":"CVE-2012-0456","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0456"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14","reference_id":"mfsa2012-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0456"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6wt-uf7r-s7fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116461?format=json","vulnerability_id":"VCID-r7c8-cmez-9uam","summary":"Seamonkey: NULL pointer dereference in GIF decoder","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3978","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71915","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3978"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=547292","reference_id":"547292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=547292"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3978"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7c8-cmez-9uam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2363?format=json","vulnerability_id":"VCID-ranf-y25x-ffh4","summary":"Mozilla developer Matt Brubeck reported that\nwindow.fullScreen is writeable by untrusted content now that the DOM fullscreen\nAPI is enabled. Because window.fullScreen does not include\nmozRequestFullscreen's security protections, it could be used for UI spoofing.\nThis code change makes window.fullScreen read only by untrusted content, forcing\nthe use of the DOM fullscreen API in normal usage.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0460","reference_id":"","reference_type":"","scores":[{"value":"0.01798","scoring_system":"epss","scoring_elements":"0.83124","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0460"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803111","reference_id":"803111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460","reference_id":"CVE-2012-0460","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18","reference_id":"mfsa2012-18","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0460"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ranf-y25x-ffh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2239?format=json","vulnerability_id":"VCID-rdhz-96c5-mka3","summary":"Security researchers Nicolas Grégoire and Aki\nHelin independently reported that when processing a malformed\nembedded XSLT stylesheet, Firefox can crash due to a memory corruption.\nWhile there is no evidence that this is directly exploitable, there is\na possibility of remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0449","reference_id":"","reference_type":"","scores":[{"value":"0.03949","scoring_system":"epss","scoring_elements":"0.88556","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0449"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=785966","reference_id":"785966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=785966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449","reference_id":"CVE-2012-0449","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08","reference_id":"mfsa2012-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0449"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdhz-96c5-mka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2464?format=json","vulnerability_id":"VCID-rtjn-ra4m-3qhq","summary":"Security researcher Billy Hoffman discovered a bug in the XBM decoder that allowed random small chunks of uninitialized memory to be read.  The severity of this bug was low and did not appear to cause any memory corruption.Firefox 3 is not affected by this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4069","reference_id":"","reference_type":"","scores":[{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80038","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463251","reference_id":"463251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463251"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069","reference_id":"CVE-2008-4069","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4069"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-45","reference_id":"mfsa2008-45","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4069"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtjn-ra4m-3qhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2601?format=json","vulnerability_id":"VCID-ru9e-ndxy-pqb8","summary":"One of the security fixes in Firefox 3.0.9 introduced a\nregression that caused some users to experience frequent crashes.\nUsers of the HTML Validator add-on were particularly affected, but\nother users also experienced this crash in some situations.\nIn analyzing this crash we discovered that it was due to memory\ncorruption similar to cases that have been identified as security\nvulnerabilities in the past.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1313","reference_id":"","reference_type":"","scores":[{"value":"0.32166","scoring_system":"epss","scoring_elements":"0.96922","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1313"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=497447","reference_id":"497447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=497447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313","reference_id":"CVE-2009-1313","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html","reference_id":"CVE-2009-1313;OSVDB-54174","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32961.html"},{"reference_url":"https://www.securityfocus.com/bid/34743/info","reference_id":"CVE-2009-1313;OSVDB-54174","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/34743/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-23","reference_id":"mfsa2009-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0449","reference_id":"RHSA-2009:0449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0449"},{"reference_url":"https://usn.ubuntu.com/765-1/","reference_id":"USN-765-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/765-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1313"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ru9e-ndxy-pqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=json","vulnerability_id":"VCID-rub4-fa7f-tfe8","summary":"Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body.  An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3376","reference_id":"","reference_type":"","scores":[{"value":"0.03024","scoring_system":"epss","scoring_elements":"0.86875","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530168","reference_id":"530168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376","reference_id":"CVE-2009-3376","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62","reference_id":"mfsa2009-62","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3376"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rub4-fa7f-tfe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2169?format=json","vulnerability_id":"VCID-ruxv-49gp-ykg5","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3072.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3072","reference_id":"","reference_type":"","scores":[{"value":"0.04749","scoring_system":"epss","scoring_elements":"0.89616","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3072"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521688","reference_id":"521688","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072","reference_id":"CVE-2009-3072","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3072"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3072"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruxv-49gp-ykg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143970?format=json","vulnerability_id":"VCID-s25y-3kgb-13db","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0367","reference_id":"","reference_type":"","scores":[{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75138","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0367"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-0367"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s25y-3kgb-13db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2346?format=json","vulnerability_id":"VCID-s2bx-814a-fkbw","summary":"Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. \nFirefox 9 and earlier are not affected by this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0452","reference_id":"","reference_type":"","scores":[{"value":"0.01801","scoring_system":"epss","scoring_elements":"0.83135","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0452"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=789506","reference_id":"789506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=789506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452","reference_id":"CVE-2012-0452","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-10","reference_id":"mfsa2012-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-10"},{"reference_url":"https://usn.ubuntu.com/1360-1/","reference_id":"USN-1360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1360-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0452"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2bx-814a-fkbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2799?format=json","vulnerability_id":"VCID-s7bu-gy24-sudx","summary":"Security researcher Jordi Chancel reported a crash\non multipart/x-mixed-replace images due to memory\ncorruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2377","reference_id":"","reference_type":"","scores":[{"value":"0.05899","scoring_system":"epss","scoring_elements":"0.90765","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2377"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714929","reference_id":"714929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377","reference_id":"CVE-2011-2377","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-21","reference_id":"mfsa2011-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2377"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bu-gy24-sudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2340?format=json","vulnerability_id":"VCID-s933-9v5u-a3b3","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3959","reference_id":"","reference_type":"","scores":[{"value":"0.03932","scoring_system":"epss","scoring_elements":"0.88534","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3959"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959","reference_id":"CVE-2012-3959","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3959"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s933-9v5u-a3b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=json","vulnerability_id":"VCID-s9ey-mtj5-vbey","summary":"Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property.  Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3986","reference_id":"","reference_type":"","scores":[{"value":"0.01982","scoring_system":"epss","scoring_elements":"0.83897","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546724","reference_id":"546724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986","reference_id":"CVE-2009-3986","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-70","reference_id":"mfsa2009-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3986"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ey-mtj5-vbey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2468?format=json","vulnerability_id":"VCID-sapx-e34n-tkhm","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat an XBL binding, when attached to an unloaded document, can be\nused to violate the same-origin policy and execute arbitrary\nJavaScript within the context of a different website.moz_bug_r_a4 also reported two vulnerabilities by which page\ncontent can pollute XPCNativeWrappers and run arbitrary JavaScript with\nchrome privileges.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5512","reference_id":"","reference_type":"","scores":[{"value":"0.04686","scoring_system":"epss","scoring_elements":"0.8953","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5512"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476287","reference_id":"476287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512","reference_id":"CVE-2008-5512","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5512"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68","reference_id":"mfsa2008-68","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1037","reference_id":"RHSA-2008:1037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0002","reference_id":"RHSA-2009:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0002"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/690-3/","reference_id":"USN-690-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-3/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/701-2/","reference_id":"USN-701-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5512"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sapx-e34n-tkhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2409?format=json","vulnerability_id":"VCID-scmh-n3kp-yqas","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute\ncan be accessed under certain circumstances because of a premature notification\nof AttributeChildRemoved. This use-after-free of the child nodes could possibly\nallow for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3659","reference_id":"","reference_type":"","scores":[{"value":"0.72536","scoring_system":"epss","scoring_elements":"0.98787","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3659"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=786258","reference_id":"786258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=786258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659","reference_id":"CVE-2011-3659","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb","reference_id":"CVE-2011-3659;OSVDB-78736","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb"},{"reference_url":"http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413","reference_id":"CVE-2011-3659;OSVDB-78736","reference_type":"exploit","scores":[],"url":"http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04","reference_id":"mfsa2012-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0079","reference_id":"RHSA-2012:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0080","reference_id":"RHSA-2012:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0080"},{"reference_url":"https://usn.ubuntu.com/1350-1/","reference_id":"USN-1350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1350-1/"},{"reference_url":"https://usn.ubuntu.com/1353-1/","reference_id":"USN-1353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1353-1/"},{"reference_url":"https://usn.ubuntu.com/1355-1/","reference_id":"USN-1355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1355-1/"},{"reference_url":"https://usn.ubuntu.com/1369-1/","reference_id":"USN-1369-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1369-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3659"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scmh-n3kp-yqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2163?format=json","vulnerability_id":"VCID-scs8-y8pt-mkh2","summary":"Security researcher Orlando Barrera II of SecTheory reported,\nvia TippingPoint's Zero Day Initiative, that Mozilla's implementation\nof Web Workers contained an error in its handling of array data types\nwhen processing posted messages.  This error could be used by an\nattacker to corrupt heap memory and crash the browser, potentially\nrunning arbitrary code on a victim's computer.Web Workers were introduced in Firefox 3.5; Firefox 3.0\nand earlier versions were not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0160","reference_id":"","reference_type":"","scores":[{"value":"0.05179","scoring_system":"epss","scoring_elements":"0.90078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566049","reference_id":"566049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160","reference_id":"CVE-2010-0160","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-02","reference_id":"mfsa2010-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0160"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scs8-y8pt-mkh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2207?format=json","vulnerability_id":"VCID-se2r-rwr6-9fh2","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0174","reference_id":"","reference_type":"","scores":[{"value":"0.03507","scoring_system":"epss","scoring_elements":"0.87837","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0174"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578147","reference_id":"578147","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174","reference_id":"CVE-2010-0174","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16","reference_id":"mfsa2010-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0174"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-se2r-rwr6-9fh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2877?format=json","vulnerability_id":"VCID-sgkt-a1hx-cyas","summary":"Security researchers Chris Rohlf and Yan\nIvnitskiy of Matasano Security reported that when a\nJavaScript Array object had its length set to an\nextremely large value, the iteration of array elements that occurs\nwhen its reduceRight method was subsequently called could\nresult in the execution of attacker controlled memory due to an\ninvalid index value being used to access element properties.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2371","reference_id":"","reference_type":"","scores":[{"value":"0.86212","scoring_system":"epss","scoring_elements":"0.99415","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2371"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714580","reference_id":"714580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371","reference_id":"CVE-2011-2371","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html","reference_id":"CVE-2011-2371;OSVDB-73184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17974.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb","reference_id":"CVE-2011-2371;OSVDB-73184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17976.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html","reference_id":"CVE-2011-2371;OSVDB-73184","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18531.html"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-22","reference_id":"mfsa2011-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2371"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgkt-a1hx-cyas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2334?format=json","vulnerability_id":"VCID-shgf-ueps-13d5","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1974.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1974","reference_id":"","reference_type":"","scores":[{"value":"0.03305","scoring_system":"epss","scoring_elements":"0.87464","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1974"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974","reference_id":"CVE-2012-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1974"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shgf-ueps-13d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2293?format=json","vulnerability_id":"VCID-shqz-mtvs-6ffy","summary":"Mozilla community member Alice White reported that when the\nGetProperty function is invoked through JSAPI, security checking\ncan be bypassed when getting cross-origin properties. This potentially allowed\nfor arbitrary code execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3991.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3991","reference_id":"","reference_type":"","scores":[{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80922","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3991"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863621","reference_id":"863621","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991","reference_id":"CVE-2012-3991","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-81","reference_id":"mfsa2012-81","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-81"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3991"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shqz-mtvs-6ffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2804?format=json","vulnerability_id":"VCID-skhj-cty8-s3h7","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0080","reference_id":"","reference_type":"","scores":[{"value":"0.02514","scoring_system":"epss","scoring_elements":"0.85669","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0080"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700677","reference_id":"700677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700677"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080","reference_id":"CVE-2011-0080","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0080"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skhj-cty8-s3h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2161?format=json","vulnerability_id":"VCID-smf5-d33k-gybp","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1202","reference_id":"","reference_type":"","scores":[{"value":"0.06167","scoring_system":"epss","scoring_elements":"0.90986","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590810","reference_id":"590810","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202","reference_id":"CVE-2010-1202","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1202"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1202"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smf5-d33k-gybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161668?format=json","vulnerability_id":"VCID-sn79-g3mx-4qgh","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1994","reference_id":"","reference_type":"","scores":[{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70306","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1994"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1994"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sn79-g3mx-4qgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2341?format=json","vulnerability_id":"VCID-sq1x-7gp9-ruec","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3960","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960","reference_id":"CVE-2012-3960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3960"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sq1x-7gp9-ruec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2254?format=json","vulnerability_id":"VCID-svmf-237b-qqec","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4181","reference_id":"","reference_type":"","scores":[{"value":"0.03504","scoring_system":"epss","scoring_elements":"0.87828","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4181"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181","reference_id":"CVE-2012-4181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4181"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svmf-237b-qqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2676?format=json","vulnerability_id":"VCID-swau-cddy-1kdm","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1302","reference_id":"","reference_type":"","scores":[{"value":"0.04391","scoring_system":"epss","scoring_elements":"0.89175","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496252","reference_id":"496252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302","reference_id":"CVE-2009-1302","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14","reference_id":"mfsa2009-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1302"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swau-cddy-1kdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2164?format=json","vulnerability_id":"VCID-t1sx-kgbz-kqds","summary":"Mozilla developer Vladimir Vukicevic reported that\na canvas element can be used to read data from another site, violating\nthe same-origin policy.  The read restriction placed on a canvas\nelement which has had cross-origin data rendered into it can be\nbypassed by retaining a reference to the canvas element's context and\ndeleting the associated canvas node from the DOM.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1207","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62358","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1207"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615472","reference_id":"615472","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207","reference_id":"CVE-2010-1207","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43","reference_id":"mfsa2010-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1207"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1sx-kgbz-kqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2281?format=json","vulnerability_id":"VCID-t2w6-q44t-muej","summary":"Security researcher Atte Kettunen from OUSPG reported\nseveral heap memory corruption issues found using the Address Sanitizer tool.\nThese issues are potentially exploitable, allowing for remote code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4186","reference_id":"","reference_type":"","scores":[{"value":"0.52507","scoring_system":"epss","scoring_elements":"0.97988","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626","reference_id":"863626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186","reference_id":"CVE-2012-4186","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86","reference_id":"mfsa2012-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-86"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4186"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2w6-q44t-muej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2200?format=json","vulnerability_id":"VCID-t5c6-f8zf-t3dx","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Update (March 1, 2011): CVE-2010-3777 was\nfixed in Firefox 3.5.17","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3776","reference_id":"","reference_type":"","scores":[{"value":"0.03853","scoring_system":"epss","scoring_elements":"0.88413","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660408","reference_id":"660408","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776","reference_id":"CVE-2010-3776","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74","reference_id":"mfsa2010-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-74"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0968","reference_id":"RHSA-2010:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0969","reference_id":"RHSA-2010:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0969"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"},{"reference_url":"https://usn.ubuntu.com/1020-1/","reference_id":"USN-1020-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1020-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3776"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5c6-f8zf-t3dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62152?format=json","vulnerability_id":"VCID-t8bw-rpmc-a3bp","summary":"Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2044","reference_id":"","reference_type":"","scores":[{"value":"0.05951","scoring_system":"epss","scoring_elements":"0.9081","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2044"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html","reference_id":"CVE-2009-2044;OSVDB-56471","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33031.html"},{"reference_url":"https://www.securityfocus.com/bid/35280/info","reference_id":"CVE-2009-2044;OSVDB-56471","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35280/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2044"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8bw-rpmc-a3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2305?format=json","vulnerability_id":"VCID-t9c8-vmrx-qyet","summary":"Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5833","reference_id":"","reference_type":"","scores":[{"value":"0.01433","scoring_system":"epss","scoring_elements":"0.8102","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5833"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635","reference_id":"877635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833","reference_id":"CVE-2012-5833","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106","reference_id":"mfsa2012-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5833"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-vmrx-qyet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2617?format=json","vulnerability_id":"VCID-tc58-ttgn-9bh4","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3070","reference_id":"","reference_type":"","scores":[{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88693","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521686","reference_id":"521686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070","reference_id":"CVE-2009-3070","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3070"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3070"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc58-ttgn-9bh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2405?format=json","vulnerability_id":"VCID-tddk-3t9a-pkhc","summary":"Security Researcher Mike Brooks of Sitewatch reported that\nif multiple Content Security Policy (CSP) headers are present on a page, they\nhave an additive effect page policy. Using carriage return line feed (CRLF)\ninjection, a new CSP rule can be introduced which allows for cross-site\nscripting (XSS) on sites with a separate header injection vulnerability.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0451","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43362","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803114","reference_id":"803114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451","reference_id":"CVE-2012-0451","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0451"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15","reference_id":"mfsa2012-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0451"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tddk-3t9a-pkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2392?format=json","vulnerability_id":"VCID-tgxk-1qvp-nuf7","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0467","reference_id":"","reference_type":"","scores":[{"value":"0.02405","scoring_system":"epss","scoring_elements":"0.85361","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000","reference_id":"815000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467","reference_id":"CVE-2012-0467","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20","reference_id":"mfsa2012-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0467"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgxk-1qvp-nuf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2439?format=json","vulnerability_id":"VCID-tj2u-5d7b-pfbc","summary":"Justin Schuh and Tom Cross of the\nIBM X-Force and Peter Williams of IBM Watson Labs reported\nerrors in Mozilla URL parsing routines.  These errors could be exploited\nusing a specially crafted UTF-8 URL in a hyperlink which could overflow\na stack buffer and allow an attacker to execute arbitrary code.Firefox 3 is not affected by this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0016","reference_id":"","reference_type":"","scores":[{"value":"0.48604","scoring_system":"epss","scoring_elements":"0.97807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463181","reference_id":"463181","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016","reference_id":"CVE-2008-0016","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0016"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py","reference_id":"CVE-2008-0016;OSVDB-48780","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9663.py"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-37","reference_id":"mfsa2008-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-0016"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tj2u-5d7b-pfbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151037?format=json","vulnerability_id":"VCID-tje5-65sx-wyep","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2043","reference_id":"","reference_type":"","scores":[{"value":"0.03735","scoring_system":"epss","scoring_elements":"0.88206","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2043"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt","reference_id":"CVE-2009-2043;OSVDB-55197","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33042.txt"},{"reference_url":"https://www.securityfocus.com/bid/35413/info","reference_id":"CVE-2009-2043;OSVDB-55197","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35413/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2043"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tje5-65sx-wyep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159449?format=json","vulnerability_id":"VCID-tnj7-zm3j-33de","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3866","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6217","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3866"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3866"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnj7-zm3j-33de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2656?format=json","vulnerability_id":"VCID-tnjp-k3mu-j7gk","summary":"Security researcher Attila Suszter reported that\nwhen a page contains a Flash object which presents a slow script\ndialog, and the page is navigated while the dialog is still visible to\nthe user, the Flash plugin is unloaded resulting in a crash due to a\ncall to the deleted object.  This crash could potentially be used by\nan attacker to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2467.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2467","reference_id":"","reference_type":"","scores":[{"value":"0.05189","scoring_system":"epss","scoring_elements":"0.90088","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512137","reference_id":"512137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467","reference_id":"CVE-2009-2467","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2467"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35","reference_id":"mfsa2009-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2467"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnjp-k3mu-j7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2490?format=json","vulnerability_id":"VCID-tp6x-cmys-b7e4","summary":"Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu.  The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on.  This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3837","reference_id":"","reference_type":"","scores":[{"value":"0.03669","scoring_system":"epss","scoring_elements":"0.88106","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463189","reference_id":"463189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837","reference_id":"CVE-2008-3837","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3837"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-40","reference_id":"mfsa2008-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-3837"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp6x-cmys-b7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2316?format=json","vulnerability_id":"VCID-tr2a-sx41-p3hj","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5839","reference_id":"","reference_type":"","scores":[{"value":"0.02828","scoring_system":"epss","scoring_elements":"0.86442","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839","reference_id":"CVE-2012-5839","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5839"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tr2a-sx41-p3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=json","vulnerability_id":"VCID-tr7s-z4p8-jbdn","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are inserted into a XUL\ntree <optgroup>.  In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used.  An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0176","reference_id":"","reference_type":"","scores":[{"value":"0.05361","scoring_system":"epss","scoring_elements":"0.90248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578150","reference_id":"578150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176","reference_id":"CVE-2010-0176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18","reference_id":"mfsa2010-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0333","reference_id":"RHSA-2010:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0176"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tr7s-z4p8-jbdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2247?format=json","vulnerability_id":"VCID-ttgr-vdhk-wkfv","summary":"Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. \nSecurity researcher Gareth Heyes also blogged about a Firefox 16 only symptom that is fixed in the updated versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4192.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4192","reference_id":"","reference_type":"","scores":[{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75519","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=865283","reference_id":"865283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=865283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192","reference_id":"CVE-2012-4192","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89","reference_id":"mfsa2012-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-89"},{"reference_url":"https://usn.ubuntu.com/1608-1/","reference_id":"USN-1608-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1608-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4192"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgr-vdhk-wkfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2610?format=json","vulnerability_id":"VCID-twsq-62p4-xkgx","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1833.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1833","reference_id":"","reference_type":"","scores":[{"value":"0.1037","scoring_system":"epss","scoring_elements":"0.93338","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1833"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503570","reference_id":"503570","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833","reference_id":"CVE-2009-1833","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24","reference_id":"mfsa2009-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1833"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twsq-62p4-xkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2231?format=json","vulnerability_id":"VCID-txhq-ft2z-6yck","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1212","reference_id":"","reference_type":"","scores":[{"value":"0.02028","scoring_system":"epss","scoring_elements":"0.84106","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615456","reference_id":"615456","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212","reference_id":"CVE-2010-1212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1212"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34","reference_id":"mfsa2010-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1212"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txhq-ft2z-6yck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2228?format=json","vulnerability_id":"VCID-tyd4-qfv6-cqer","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that JavaScript arrays were\nvulnerable to an integer overflow vulnerability. The report\ndemonstrated that an array could be constructed containing a very\nlarge number of items such that when memory was allocated to store the\narray items, the integer value used to calculate the buffer size would\noverflow resulting in too small a buffer being allocated. Subsequent\nuse of the array object could then result in data being written past\nthe end of the buffer and causing memory corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3767","reference_id":"","reference_type":"","scores":[{"value":"0.04617","scoring_system":"epss","scoring_elements":"0.89448","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660431","reference_id":"660431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660431"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767","reference_id":"CVE-2010-3767","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-81","reference_id":"mfsa2010-81","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-81"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0967","reference_id":"RHSA-2010:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0968","reference_id":"RHSA-2010:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0968"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3767"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tyd4-qfv6-cqer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2156?format=json","vulnerability_id":"VCID-u2rw-8k5w-83ak","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that\nwhen window.__lookupGetter__ is called with no arguments\nthe code assumes the top JavaScript stack value is a property name.\nSince there were no arguments passed into the function, the top value\ncould represent uninitialized memory or a pointer to a previously\nfreed JavaScript object.  Under such circumstances the value is passed\nto another subroutine which calls through the dangling pointer,\npotentially executing attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3183","reference_id":"","reference_type":"","scores":[{"value":"0.06976","scoring_system":"epss","scoring_elements":"0.91602","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642286","reference_id":"642286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183","reference_id":"CVE-2010-3183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67","reference_id":"mfsa2010-67","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3183"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2rw-8k5w-83ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2844?format=json","vulnerability_id":"VCID-u2ry-dzed-5yc8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2983","reference_id":"","reference_type":"","scores":[{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.75221","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730523","reference_id":"730523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983","reference_id":"CVE-2011-2983","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1165","reference_id":"RHSA-2011:1165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1167","reference_id":"RHSA-2011:1167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1167"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2983"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2ry-dzed-5yc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2652?format=json","vulnerability_id":"VCID-u6e2-wfx5-r3cu","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3979","reference_id":"","reference_type":"","scores":[{"value":"0.05076","scoring_system":"epss","scoring_elements":"0.89965","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=546694","reference_id":"546694","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=546694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979","reference_id":"CVE-2009-3979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1673","reference_id":"RHSA-2009:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1674","reference_id":"RHSA-2009:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/873-1/","reference_id":"USN-873-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/873-1/"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3979"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u6e2-wfx5-r3cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2218?format=json","vulnerability_id":"VCID-u9ed-ugwr-s3e7","summary":"Mozilla security researcher Georgi Guninski\nreported that when a SVG document which is served\nwith Content-Type: application/octet-stream is embedded\ninto another document via an <embed> tag\nwith type=\"image/svg+xml\", the Content-Type is ignored\nand the SVG document is processed normally.  A website which allows\narbitrary binary data to be uploaded but which relies\non Content-Type: application/octet-stream to prevent\nscript execution could have such protection bypassed.  An attacker\ncould upload a SVG document containing JavaScript as a binary file to\na website, embed the SVG document into a malicious page on another\nsite, and gain access to the script environment from the SVG-serving\nsite, bypassing the same-origin policy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0162","reference_id":"","reference_type":"","scores":[{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.7844","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566052","reference_id":"566052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162","reference_id":"CVE-2010-0162","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-05","reference_id":"mfsa2010-05","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0112","reference_id":"RHSA-2010:0112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0112"},{"reference_url":"https://usn.ubuntu.com/895-1/","reference_id":"USN-895-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/895-1/"},{"reference_url":"https://usn.ubuntu.com/896-1/","reference_id":"USN-896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0162"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9ed-ugwr-s3e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=json","vulnerability_id":"VCID-ubew-6znz-akgq","summary":"Security researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0071","reference_id":"","reference_type":"","scores":[{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700635","reference_id":"700635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071","reference_id":"CVE-2011-0071","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16","reference_id":"mfsa2011-16","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0071"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubew-6znz-akgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2401?format=json","vulnerability_id":"VCID-ucau-25n2-fqau","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0464","reference_id":"","reference_type":"","scores":[{"value":"0.01568","scoring_system":"epss","scoring_elements":"0.81856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109","reference_id":"803109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=803109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464","reference_id":"CVE-2012-0464","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0464"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19","reference_id":"mfsa2012-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0387","reference_id":"RHSA-2012:0387","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0387"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0388","reference_id":"RHSA-2012:0388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0388"},{"reference_url":"https://usn.ubuntu.com/1400-1/","reference_id":"USN-1400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-1/"},{"reference_url":"https://usn.ubuntu.com/1400-3/","reference_id":"USN-1400-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1400-3/"},{"reference_url":"https://usn.ubuntu.com/1401-1/","reference_id":"USN-1401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-1/"},{"reference_url":"https://usn.ubuntu.com/1401-2/","reference_id":"USN-1401-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1401-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0464"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucau-25n2-fqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2596?format=json","vulnerability_id":"VCID-ucht-xzab-3ffh","summary":"Security researcher PenPal reported a crash\ninvolving a SVG element on which a watch function\nand __defineSetter__ function have been set for a\nparticular property.  The crash showed evidence of memory corruption\nand could potentially be used by an attacker to run arbitrary code on\na victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2469","reference_id":"","reference_type":"","scores":[{"value":"0.0647","scoring_system":"epss","scoring_elements":"0.91246","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512142","reference_id":"512142","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469","reference_id":"CVE-2009-2469","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2469"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-37","reference_id":"mfsa2009-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2469"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucht-xzab-3ffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2597?format=json","vulnerability_id":"VCID-ufrj-d9va-hbbg","summary":"Mozilla developer Daniel Veditz reported that when\nthe jar: scheme is used to wrap a URI which serves the\ncontent with Content-Disposition: attachment, the HTTP\nheader is ignored and the content is unpacked and displayed inline.  A\nsite may depend on this HTTP header to prevent potentially untrusted\ncontent that it serves from executing within the context of the site.\nAn attacker could use this vulnerability to subvert sites using this\nmechanism to mitigate content injection attacks.This vulnerability has not been fixed on the Mozilla 1.8.1 branch,\nwhich is used to build Firefox 2 and Thunderbird 2.  However, note\nthat there are several mitigating factors which prevent easy\nexploitation of this issue.  In order for a website to be exploitable\nit must:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1306","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83308","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496262","reference_id":"496262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496262"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306","reference_id":"CVE-2009-1306","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-16","reference_id":"mfsa2009-16","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1306"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufrj-d9va-hbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2801?format=json","vulnerability_id":"VCID-ugms-66q9-zfcf","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0081","reference_id":"","reference_type":"","scores":[{"value":"0.04704","scoring_system":"epss","scoring_elements":"0.89551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0081"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700676","reference_id":"700676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081","reference_id":"CVE-2011-0081","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0081"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugms-66q9-zfcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2391?format=json","vulnerability_id":"VCID-ujwd-uhhy-4kfp","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0468.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0468","reference_id":"","reference_type":"","scores":[{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85514","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0468"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000","reference_id":"815000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468","reference_id":"CVE-2012-0468","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20","reference_id":"mfsa2012-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0468"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujwd-uhhy-4kfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2258?format=json","vulnerability_id":"VCID-up5d-dcg6-3fab","summary":"Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1956","reference_id":"","reference_type":"","scores":[{"value":"0.00743","scoring_system":"epss","scoring_elements":"0.73365","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851912","reference_id":"851912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956","reference_id":"CVE-2012-1956","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-59","reference_id":"mfsa2012-59","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-59"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1956"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-up5d-dcg6-3fab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2240?format=json","vulnerability_id":"VCID-uq1p-rt3j-z3cf","summary":"Using the Address Sanitizer tool, Mozilla security researcher\nChristoph Diehl discovered two memory corruption issues\ninvolving the Graphite 2 library used in Mozilla products. Both of these issues\ncan cause a potentially exploitable crash. These problems were fixed in the\nGraphite 2 library, which has been updated for Mozilla products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3971","reference_id":"","reference_type":"","scores":[{"value":"0.03136","scoring_system":"epss","scoring_elements":"0.87121","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851923","reference_id":"851923","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971","reference_id":"CVE-2012-3971","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-64","reference_id":"mfsa2012-64","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-64"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3971"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uq1p-rt3j-z3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2300?format=json","vulnerability_id":"VCID-ur8y-8uah-dkhf","summary":"Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4205","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74329","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877625","reference_id":"877625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205","reference_id":"CVE-2012-4205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97","reference_id":"mfsa2012-97","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-97"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4205"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur8y-8uah-dkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2310?format=json","vulnerability_id":"VCID-uuzp-xmx5-e7c4","summary":"Security researchers Mario Gomes and Soroush\nDalili reported that since Mozilla allows the pseudo-protocol feed: to prefix any valid URL, it is possible to construct feed:javascript: URLs that will execute scripts in some contexts. On some sites it may be possible to use this to evade output filtering that would otherwise strip javascript: URLs and thus contribute to cross-site scripting (XSS) problems on these sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1965","reference_id":"","reference_type":"","scores":[{"value":"0.01216","scoring_system":"epss","scoring_elements":"0.79353","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840225","reference_id":"840225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965","reference_id":"CVE-2012-1965","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55","reference_id":"mfsa2012-55","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-55"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1965"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuzp-xmx5-e7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2898?format=json","vulnerability_id":"VCID-uwxn-2akc-aud1","summary":"Security researcher Aki Helin reported a potentially\nexploitable crash in the YARR regular expression library used by JavaScript.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3232","reference_id":"","reference_type":"","scores":[{"value":"0.07734","scoring_system":"epss","scoring_elements":"0.9208","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232","reference_id":"CVE-2011-3232","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-42","reference_id":"mfsa2011-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-42"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3232"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwxn-2akc-aud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2168?format=json","vulnerability_id":"VCID-uxfr-dz5s-kfdz","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3075","reference_id":"","reference_type":"","scores":[{"value":"0.06395","scoring_system":"epss","scoring_elements":"0.91186","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521691","reference_id":"521691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075","reference_id":"CVE-2009-3075","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3075"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47","reference_id":"mfsa2009-47","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-47"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1430","reference_id":"RHSA-2009:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1431","reference_id":"RHSA-2009:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1432","reference_id":"RHSA-2009:1432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/821-1/","reference_id":"USN-821-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/821-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3075"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxfr-dz5s-kfdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2624?format=json","vulnerability_id":"VCID-v1gt-2387-67dw","summary":"Security researcher Dan Kaminsky reported an\ninteger overflow in the Theora video library.  A video's dimensions\nwere being multiplied together and used in particular memory\nallocations.  When the video dimensions were sufficiently large, the\nmultiplication could overflow a 32-bit integer resulting in too small\na memory buffer being allocated for the video.  An attacker could use\na specially crafted video to write data past the bounds of this\nbuffer, causing a crash and potentially running arbitrary code on a\nvictim's computer.Mozilla intern David Keeler also independently\nreported this issue as well as an additional crash which was\ndetermined to be a denial-of-service.Video capabilities were added to the Mozilla browser engine\nin Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these\nproducts were not affected.These bugs were fixed upstream in Theora version 1.1\n(\"Thusnelda\") but the older version used in Firefox 3.5 needed this\npatch.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3389","reference_id":"","reference_type":"","scores":[{"value":"0.0553","scoring_system":"epss","scoring_elements":"0.90416","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=548541","reference_id":"548541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=548541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950","reference_id":"572950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389","reference_id":"CVE-2009-3389","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201312-04","reference_id":"GLSA-201312-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-67","reference_id":"mfsa2009-67","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-67"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3389"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1gt-2387-67dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2888?format=json","vulnerability_id":"VCID-v6tm-cudb-vkb1","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled,, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2997","reference_id":"","reference_type":"","scores":[{"value":"0.04198","scoring_system":"epss","scoring_elements":"0.88921","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2997"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997","reference_id":"CVE-2011-2997","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36","reference_id":"mfsa2011-36","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-36"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2997"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6tm-cudb-vkb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2198?format=json","vulnerability_id":"VCID-v7hg-tmdv-k7e8","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the fix\nfor CVE-2010-0179\ncould be circumvented permitting the execution of arbitrary JavaScript\nwith chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3773","reference_id":"","reference_type":"","scores":[{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77836","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660435","reference_id":"660435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773","reference_id":"CVE-2010-3773","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82","reference_id":"mfsa2010-82","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3773"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7hg-tmdv-k7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2146?format=json","vulnerability_id":"VCID-v91k-76fs-pbdd","summary":"Security researcher wushi of team509 reported a\nheap buffer overflow in code routines responsible for transforming\ntext runs.  A page could be constructed with a bidirectional text run\nwhich upon reflow could result in an incorrect length being calculated\nfor the run of text.  When this value is subsequently used to allocate\nmemory for the text too small a buffer may be created potentially\nresulting in a buffer overflow and the execution of attacker\ncontrolled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3166","reference_id":"","reference_type":"","scores":[{"value":"0.05962","scoring_system":"epss","scoring_elements":"0.90819","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3166"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630061","reference_id":"630061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630061"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166","reference_id":"CVE-2010-3166","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-53","reference_id":"mfsa2010-53","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3166"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v91k-76fs-pbdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2287?format=json","vulnerability_id":"VCID-v9sq-2u6p-dfec","summary":"Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Details for each of the current fixed issues are below.\n\nThunderbird is only affected by window.location issues through RSS feeds and extensions that load web content.Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4194.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4194","reference_id":"","reference_type":"","scores":[{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80479","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893","reference_id":"869893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194","reference_id":"CVE-2012-4194","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90","reference_id":"mfsa2012-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1407","reference_id":"RHSA-2012:1407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1413","reference_id":"RHSA-2012:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1413"},{"reference_url":"https://usn.ubuntu.com/1620-1/","reference_id":"USN-1620-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-1/"},{"reference_url":"https://usn.ubuntu.com/1620-2/","reference_id":"USN-1620-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1620-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4194"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9sq-2u6p-dfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=json","vulnerability_id":"VCID-vdr2-62nz-kqbc","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1972","reference_id":"","reference_type":"","scores":[{"value":"0.03305","scoring_system":"epss","scoring_elements":"0.87464","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972","reference_id":"CVE-2012-1972","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1972"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdr2-62nz-kqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2366?format=json","vulnerability_id":"VCID-vegx-5hzk-qbak","summary":"Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1941","reference_id":"","reference_type":"","scores":[{"value":"0.06289","scoring_system":"epss","scoring_elements":"0.91097","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1941"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843","reference_id":"827843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941","reference_id":"CVE-2012-1941","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40","reference_id":"mfsa2012-40","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0710","reference_id":"RHSA-2012:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0715","reference_id":"RHSA-2012:0715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0715"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1941"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vegx-5hzk-qbak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2671?format=json","vulnerability_id":"VCID-veuq-5jdf-tfcr","summary":"Moxie Marlinspike reported a heap overflow vulnerability\nin the code that handles regular expressions in certificate names. This\nvulnerability could be used to compromise the browser and run arbitrary code\nby presenting a specially crafted certificate to the client. This code\nprovided compatibility with the non-standard regular expression syntax\nhistorically supported by Netscape clients and servers. With version 3.5\nFirefox switched to the more limited industry-standard wildcard syntax\ninstead and is not vulnerable to this flaw.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2404","reference_id":"","reference_type":"","scores":[{"value":"0.21024","scoring_system":"epss","scoring_elements":"0.95752","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2404"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512912","reference_id":"512912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512912"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934","reference_id":"539934","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404","reference_id":"CVE-2009-2404","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-43","reference_id":"mfsa2009-43","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1184","reference_id":"RHSA-2009:1184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1185","reference_id":"RHSA-2009:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1186","reference_id":"RHSA-2009:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1190","reference_id":"RHSA-2009:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1207","reference_id":"RHSA-2009:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1207"},{"reference_url":"https://usn.ubuntu.com/810-1/","reference_id":"USN-810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2404"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-veuq-5jdf-tfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2407?format=json","vulnerability_id":"VCID-vfss-5cfk-dqc3","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1949.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1949","reference_id":"","reference_type":"","scores":[{"value":"0.03749","scoring_system":"epss","scoring_elements":"0.88227","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1949"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021281","reference_id":"2021281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949","reference_id":"CVE-2012-1949","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42","reference_id":"mfsa2012-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-42"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1949"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfss-5cfk-dqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2162?format=json","vulnerability_id":"VCID-vfu5-uhhe-b3c1","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1203","reference_id":"","reference_type":"","scores":[{"value":"0.05221","scoring_system":"epss","scoring_elements":"0.90116","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1203"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590816","reference_id":"590816","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203","reference_id":"CVE-2010-1203","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1203"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26","reference_id":"mfsa2010-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0500","reference_id":"RHSA-2010:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0501","reference_id":"RHSA-2010:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0501"},{"reference_url":"https://usn.ubuntu.com/930-1/","reference_id":"USN-930-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-1/"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/943-1/","reference_id":"USN-943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1203"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfu5-uhhe-b3c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2621?format=json","vulnerability_id":"VCID-vgpk-ywkp-cyaq","summary":"Firefox user zbyte reported a crash that we determined\ncould result in an exploitable memory corruption problem. In certain cases\nafter a return from a native function, such as escape(), the\nJust-in-Time (JIT) compiler could get into a corrupt state. This could be\nexploited by an attacker to run arbitrary code such as installing malware.\nWe would like to thank community members Lucas\nKruijswijk and Nochum Sossonko for isolating\nthe problematic script from the original crashing site.\nThis vulnerability does not affect earlier versions of Firefox which\ndo not support the JIT feature.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2477","reference_id":"","reference_type":"","scores":[{"value":"0.83306","scoring_system":"epss","scoring_elements":"0.99286","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228","reference_id":"511228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477","reference_id":"CVE-2009-2477","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2477"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html","reference_id":"CVE-2009-2477","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40936.html"},{"reference_url":"https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/","reference_id":"CVE-2009-2477","reference_type":"exploit","scores":[],"url":"https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb","reference_id":"CVE-2009-2477;OSVDB-55846","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16299.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl","reference_id":"CVE-2009-2477;OSVDB-55846","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9214.pl"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-41","reference_id":"mfsa2009-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-41"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html","reference_id":"OSVDB-55932;CVE-2009-2478;OSVDB-55846;CVE-2009-2477","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/9137.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2477"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgpk-ywkp-cyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2802?format=json","vulnerability_id":"VCID-vnsr-zayr-rycr","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0069","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.88839","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700642","reference_id":"700642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700642"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069","reference_id":"CVE-2011-0069","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1121-1/","reference_id":"USN-1121-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1121-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0069"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnsr-zayr-rycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2900?format=json","vulnerability_id":"VCID-vp8w-pvrp-7kfn","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat it was possible for a non-whitelisted site to trigger an install\ndialog for add-ons and themes.This vulnerability was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2370","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54393","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370","reference_id":"CVE-2011-2370","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-28","reference_id":"mfsa2011-28","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-28"},{"reference_url":"https://usn.ubuntu.com/1157-1/","reference_id":"USN-1157-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1157-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2370"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp8w-pvrp-7kfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2359?format=json","vulnerability_id":"VCID-vqjg-6r7v-skg8","summary":"Security researcher Jeroen van der Gun reported that if RSS\nor Atom XML invalid content is loaded over HTTPS, the addressbar updates to\ndisplay the new location of the loaded resource, including SSL indicators, while\nthe main window still displays the previously loaded content. This allows for\nphishing attacks where a malicious page can spoof the identify of another\nseemingly secure site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0479","reference_id":"","reference_type":"","scores":[{"value":"0.00775","scoring_system":"epss","scoring_elements":"0.7397","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815044","reference_id":"815044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479","reference_id":"CVE-2012-0479","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33","reference_id":"mfsa2012-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0479"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqjg-6r7v-skg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2422?format=json","vulnerability_id":"VCID-vuz7-kx9u-vye9","summary":"Kojima Hajime reported that unlike literal null\ncharacters which were handled correctly, the escaped form '\\0'\nwas ignored by the CSS parser and treated as if it was not present in\nthe CSS input string.  This issue could potentially be used to bypass\nscript sanitization routines in web applications.  The severity of\nthis issue was determined to be low.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5510.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5510","reference_id":"","reference_type":"","scores":[{"value":"0.01018","scoring_system":"epss","scoring_elements":"0.77541","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=476283","reference_id":"476283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=476283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510","reference_id":"CVE-2008-5510","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5510"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-67","reference_id":"mfsa2008-67","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-67"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:1036","reference_id":"RHSA-2008:1036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:1036"},{"reference_url":"https://usn.ubuntu.com/690-1/","reference_id":"USN-690-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-1/"},{"reference_url":"https://usn.ubuntu.com/690-2/","reference_id":"USN-690-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/690-2/"},{"reference_url":"https://usn.ubuntu.com/701-1/","reference_id":"USN-701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/701-1/"},{"reference_url":"https://usn.ubuntu.com/717-3/","reference_id":"USN-717-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/717-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-5510"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vuz7-kx9u-vye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155729?format=json","vulnerability_id":"VCID-vvvg-v3rb-hybf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3400","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47717","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3400"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3400"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvvg-v3rb-hybf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2185?format=json","vulnerability_id":"VCID-w13f-sddd-nfan","summary":"Google security researcher Michal Zalewski\nreported that when a window was opened to a site resulting in a\nnetwork or certificate error page, the opening site could access the\ndocument inside the opened window and inject arbitrary content.  An\nattacker could use this bug to spoof the location bar and trick a user\ninto thinking they were on a different site than they actually\nwere.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3774","reference_id":"","reference_type":"","scores":[{"value":"0.01015","scoring_system":"epss","scoring_elements":"0.77503","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660438","reference_id":"660438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774","reference_id":"CVE-2010-3774","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-83","reference_id":"mfsa2010-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3774"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w13f-sddd-nfan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2154?format=json","vulnerability_id":"VCID-w2pm-349a-ayc4","summary":"Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability.  When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects.  This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High.This vulnerability does not affect Firefox 3.6","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0179","reference_id":"","reference_type":"","scores":[{"value":"0.00723","scoring_system":"epss","scoring_elements":"0.72911","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578155","reference_id":"578155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179","reference_id":"CVE-2010-0179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-21","reference_id":"mfsa2010-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82","reference_id":"mfsa2010-82","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0179"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pm-349a-ayc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2312?format=json","vulnerability_id":"VCID-w4cg-33we-qfez","summary":"Using the Address Sanitizer tool, security researcher Aki\nHelin from OUSPG found that IDBKeyRange of indexedDB remains in the\nXPConnect hashtable instead of being unlinked before being destroyed. When it is\ndestroyed, this causes a use-after-free, which is potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0469","reference_id":"","reference_type":"","scores":[{"value":"0.17081","scoring_system":"epss","scoring_elements":"0.9512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815019","reference_id":"815019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469","reference_id":"CVE-2012-0469","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22","reference_id":"mfsa2012-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0515","reference_id":"RHSA-2012:0515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0516","reference_id":"RHSA-2012:0516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0516"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0469"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4cg-33we-qfez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2798?format=json","vulnerability_id":"VCID-w8gw-dg3u-hbar","summary":"Mark Kaplan reported a potentially exploitable crash due to\ninteger underflow when using a large JavaScript RegExp expression.\nWe would also like to thank Mark for contributing the fix for this problem.\nThe Regular Expression engine was replaced in Firefox 4 and\nthe newer engine does not suffer from this bug.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2998","reference_id":"","reference_type":"","scores":[{"value":"0.03711","scoring_system":"epss","scoring_elements":"0.88177","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2998"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=741924","reference_id":"741924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=741924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998","reference_id":"CVE-2011-2998","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-37","reference_id":"mfsa2011-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1341","reference_id":"RHSA-2011:1341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1342","reference_id":"RHSA-2011:1342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1343","reference_id":"RHSA-2011:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1344","reference_id":"RHSA-2011:1344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1344"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2998"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8gw-dg3u-hbar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149242?format=json","vulnerability_id":"VCID-w8ke-esx1-x3hs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6961","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71245","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6961"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-6961"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ke-esx1-x3hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2655?format=json","vulnerability_id":"VCID-w9h1-ahqd-83de","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3982","reference_id":"","reference_type":"","scores":[{"value":"0.08287","scoring_system":"epss","scoring_elements":"0.92391","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982","reference_id":"CVE-2009-3982","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3982"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3982"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9h1-ahqd-83de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=json","vulnerability_id":"VCID-w9jx-nwdg-8yaw","summary":"Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser.  This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0178","reference_id":"","reference_type":"","scores":[{"value":"0.03519","scoring_system":"epss","scoring_elements":"0.87854","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578154","reference_id":"578154","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178","reference_id":"CVE-2010-0178","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20","reference_id":"mfsa2010-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0332","reference_id":"RHSA-2010:0332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0332"},{"reference_url":"https://usn.ubuntu.com/920-1/","reference_id":"USN-920-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/920-1/"},{"reference_url":"https://usn.ubuntu.com/921-1/","reference_id":"USN-921-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/921-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0178"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9jx-nwdg-8yaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2901?format=json","vulnerability_id":"VCID-w9qp-qk2x-63gh","summary":"Mozilla developer Bas Schouten reported that the\nintroduction of the \"Azure\" graphics back-end on Windows in Firefox 7\nre-introduced the cross-origin data theft issue reported by\nnasalislarvatus3000 as described in \nMFSA 2011-29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3649","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49784","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649","reference_id":"CVE-2011-3649","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-50","reference_id":"mfsa2011-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3649"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9qp-qk2x-63gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2872?format=json","vulnerability_id":"VCID-wax4-bwfb-v3ff","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a method used\nby JSON.stringify contained a use-after-free error in\nwhich a currently in-use pointer was freed and subsequently\ndereferenced.  This could lead to arbitrary code execution if an\nattacker was able to store malicious code in the freed section of\nmemory.Mozilla developer Igor Bukanov also independently\ndiscovered and reported this issue two weeks after the initial\nreport was received.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0055.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0055","reference_id":"","reference_type":"","scores":[{"value":"0.03375","scoring_system":"epss","scoring_elements":"0.87592","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0055"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675090","reference_id":"675090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055","reference_id":"CVE-2011-0055","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-03","reference_id":"mfsa2011-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0055"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wax4-bwfb-v3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2216?format=json","vulnerability_id":"VCID-wdwg-avx6-fkhf","summary":"Security researcher wushi of team509 reported that\nthe frame construction process for certain types of menus could result\nin a menu containing a pointer to a previously freed menu item.\nDuring the cycle collection process, this freed item could be accessed,\nresulting in the execution of a section of code potentially controlled\nby an attacker.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0183","reference_id":"","reference_type":"","scores":[{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.9014","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590822","reference_id":"590822","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183","reference_id":"CVE-2010-0183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-27","reference_id":"mfsa2010-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0183"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwg-avx6-fkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=json","vulnerability_id":"VCID-wh5f-gkuv-q3ep","summary":"Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0441","reference_id":"","reference_type":"","scores":[{"value":"0.03581","scoring_system":"epss","scoring_elements":"0.87953","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827833","reference_id":"827833","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441","reference_id":"CVE-2012-0441","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39","reference_id":"mfsa2012-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1090","reference_id":"RHSA-2012:1090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1091","reference_id":"RHSA-2012:1091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1091"},{"reference_url":"https://usn.ubuntu.com/1463-1/","reference_id":"USN-1463-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-1/"},{"reference_url":"https://usn.ubuntu.com/1463-4/","reference_id":"USN-1463-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-4/"},{"reference_url":"https://usn.ubuntu.com/1463-6/","reference_id":"USN-1463-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1463-6/"},{"reference_url":"https://usn.ubuntu.com/1540-1/","reference_id":"USN-1540-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1540-1/"},{"reference_url":"https://usn.ubuntu.com/1540-2/","reference_id":"USN-1540-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1540-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0441"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wh5f-gkuv-q3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2211?format=json","vulnerability_id":"VCID-wmbg-72ur-a7hd","summary":"Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument.  The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of\nthe document they are currently viewing.Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext.  The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate.  A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1206.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1206","reference_id":"","reference_type":"","scores":[{"value":"0.0046","scoring_system":"epss","scoring_elements":"0.64449","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1206"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=608763","reference_id":"608763","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=608763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206","reference_id":"CVE-2010-1206","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45","reference_id":"mfsa2010-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmbg-72ur-a7hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2809?format=json","vulnerability_id":"VCID-wns9-765d-tkg3","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0072.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0072","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.88942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0072"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700622","reference_id":"700622","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072","reference_id":"CVE-2011-0072","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0072"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wns9-765d-tkg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2252?format=json","vulnerability_id":"VCID-wp6p-ce29-6fbm","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team discovered a series of use-after-free, buffer overflow, and\nout of bounds read issues using the Address Sanitizer tool in shipped software.\nThese issues are potentially exploitable, allowing for remote code execution.\nWe would also like to thank Abhishek for reporting two additional use-after-free\nflaws introduced during Firefox 16 development and fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4179","reference_id":"","reference_type":"","scores":[{"value":"0.06071","scoring_system":"epss","scoring_elements":"0.90906","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625","reference_id":"863625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179","reference_id":"CVE-2012-4179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85","reference_id":"mfsa2012-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-4179"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wp6p-ce29-6fbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2847?format=json","vulnerability_id":"VCID-wp88-wpws-j7gg","summary":"Security researcher Mario Heiderich reported it was\npossible to use SVG animation accessKey events to detect\nkey strokes even when JavaScript was disabled. Since web pages can normally\ndetect key events through script and most users have scripting enabled this\ndoes not present a risk for most users. In contexts where the user knows\nscripting is disabled (reading mail, for example, or NoScript users) this\ncould allow a malicious web page to fool a user into interacting with\na prompt thinking it came from the browser or mail program.\n\nAccessing remote content is disabled by default When reading mail in\nThunderbird and SeaMonkey. Successfully capturing keystrokes remotely would\nrequire some social engineering to convince the user to turn it on.\n\nSVG animation is not supported in Thunderbird 3.1 or Firefox 3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3663","reference_id":"","reference_type":"","scores":[{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.76838","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3663"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676","reference_id":"770676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663","reference_id":"CVE-2011-3663","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56","reference_id":"mfsa2011-56","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-56"},{"reference_url":"https://usn.ubuntu.com/1306-1/","reference_id":"USN-1306-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1306-1/"},{"reference_url":"https://usn.ubuntu.com/1343-1/","reference_id":"USN-1343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3663"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wp88-wpws-j7gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2665?format=json","vulnerability_id":"VCID-wqey-n4t3-87gy","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3380","reference_id":"","reference_type":"","scores":[{"value":"0.0364","scoring_system":"epss","scoring_elements":"0.88054","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3380"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530567","reference_id":"530567","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380","reference_id":"CVE-2009-3380","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64","reference_id":"mfsa2009-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1531","reference_id":"RHSA-2009:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3380"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqey-n4t3-87gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2330?format=json","vulnerability_id":"VCID-wtfj-hrtt-z7d9","summary":"Security researcher Mariusz Mlynski reported that when\nInstallTrigger fails, it throws an error wrapped in a Chrome Object Wrapper\n(COW) that fails to specify exposed properties. These can then be added to the\nresulting object by an attacker, allowing access to chrome privileged functions\nthrough script.\nWhile investigating this issue, Mozilla security researcher\nmoz_bug_r_a4 found that COW did not disallow accessing of\nproperties from a standard prototype in some situations, even when the original\nissue had been fixed.\nThese issues could allow for a cross-site scripting (XSS) attack or arbitrary\ncode execution. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3993.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3993","reference_id":"","reference_type":"","scores":[{"value":"0.8084","scoring_system":"epss","scoring_elements":"0.99169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3993"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623","reference_id":"863623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993","reference_id":"CVE-2012-3993","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb","reference_id":"CVE-2012-3993;OSVDB-96019;CVE-2013-1710","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb","reference_id":"CVE-2012-3993;OSVDB-96019;CVE-2013-1710","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83","reference_id":"mfsa2012-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1350","reference_id":"RHSA-2012:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1351","reference_id":"RHSA-2012:1351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1351"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3993"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtfj-hrtt-z7d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2836?format=json","vulnerability_id":"VCID-ww9s-mrbh-y7fx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2981.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2981","reference_id":"","reference_type":"","scores":[{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80324","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2981"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=730520","reference_id":"730520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981","reference_id":"CVE-2011-2981","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30","reference_id":"mfsa2011-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32","reference_id":"mfsa2011-32","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1164","reference_id":"RHSA-2011:1164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1164"},{"reference_url":"https://usn.ubuntu.com/1184-1/","reference_id":"USN-1184-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1184-1/"},{"reference_url":"https://usn.ubuntu.com/1185-1/","reference_id":"USN-1185-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1185-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2981"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww9s-mrbh-y7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2308?format=json","vulnerability_id":"VCID-x145-u49m-yuh9","summary":"Security researcher Simone Fabiano reported that if a\ncross-site XHR or WebSocket is opened on a web server on a non-standard port for\nweb traffic while using an IPv6 address, the browser will send an ambiguous\norigin headers if the IPv6 address contains at least 2 consecutive 16-bit fields\nof zeroes. If there is an origin access control list that uses IPv6 literals,\nthis issue could be used to bypass these access controls on the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0475","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52594","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187","reference_id":"815187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475","reference_id":"CVE-2012-0475","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0475"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28","reference_id":"mfsa2012-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28"},{"reference_url":"https://usn.ubuntu.com/1430-1/","reference_id":"USN-1430-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-1/"},{"reference_url":"https://usn.ubuntu.com/1430-3/","reference_id":"USN-1430-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1430-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-0475"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x145-u49m-yuh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=json","vulnerability_id":"VCID-x2uy-apkf-pqed","summary":"Security researcher Sergey Glazunov reported a\ndangling pointer vulnerability in the implementation\nof navigator.plugins in which the navigator\nobject could retain a pointer to the plugins array even after it had\nbeen destroyed.  An attacker could potentially use this issue to crash\nthe browser and run arbitrary code on a victim's computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2767","reference_id":"","reference_type":"","scores":[{"value":"0.0476","scoring_system":"epss","scoring_elements":"0.89632","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630059","reference_id":"630059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767","reference_id":"CVE-2010-2767","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-51","reference_id":"mfsa2010-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2767"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2uy-apkf-pqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2813?format=json","vulnerability_id":"VCID-x3e6-82ew-b7gd","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0062","reference_id":"","reference_type":"","scores":[{"value":"0.08433","scoring_system":"epss","scoring_elements":"0.92485","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675083","reference_id":"675083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675083"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062","reference_id":"CVE-2011-0062","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0062"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01","reference_id":"mfsa2011-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0310","reference_id":"RHSA-2011:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0311","reference_id":"RHSA-2011:0311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0311"},{"reference_url":"https://usn.ubuntu.com/1049-1/","reference_id":"USN-1049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1049-1/"},{"reference_url":"https://usn.ubuntu.com/1050-1/","reference_id":"USN-1050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1050-1/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0062"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x3e6-82ew-b7gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2670?format=json","vulnerability_id":"VCID-x7gc-qnmk-ebfk","summary":"Security researchers Adam Barth and Collin\nJackson reported that when a file: resource is\nloaded via the location bar it inherits the principal of the\npreviously loaded document.  This vulnerability can potentially give\nthe newly loaded document additional privileges to access the contents\nof other local files that it wouldn't otherwise have permission to read.\nA potential victim would first have to have downloaded the attackers\ndocument to their local machine. Then the victim would have to open another\ndocument in a directory of interest to the attacker before opening the\nattacker's file in the same window.\nPrior to version 3.0, Firefox (like browsers from other\nvendors) treated all local files as having the same origin without\nrestriction. This vulnerability is a partial bypass of the restrictions\nimplemented in Firefox 3.0","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1839","reference_id":"","reference_type":"","scores":[{"value":"0.15161","scoring_system":"epss","scoring_elements":"0.94725","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1839"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503581","reference_id":"503581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839","reference_id":"CVE-2009-1839","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html","reference_id":"CVE-2009-1839;OSVDB-55163","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/10544.html"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-30","reference_id":"mfsa2009-30","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1839"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7gc-qnmk-ebfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2653?format=json","vulnerability_id":"VCID-x8z2-s5wx-2ke4","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3980","reference_id":"","reference_type":"","scores":[{"value":"0.04407","scoring_system":"epss","scoring_elements":"0.89196","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980","reference_id":"CVE-2009-3980","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3980"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65","reference_id":"mfsa2009-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-65"},{"reference_url":"https://usn.ubuntu.com/874-1/","reference_id":"USN-874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/874-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3980"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8z2-s5wx-2ke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2905?format=json","vulnerability_id":"VCID-xa2f-3428-kkck","summary":"Michael Jordon of Context IS reported that in the ANGLE\nlibrary used by WebGL the return value from GrowAtomTable()\nwas not checked for errors. If an attacker could cause requests that\nexceeded the available memory those would fail and potentially lead\nto a buffer overrun as subsequent code wrote into the non-allocated space.\nBen Hawkes of the Google Security Team reported a WebGL\ntest case that demonstrated an out of bounds write after an allocation failed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3003","reference_id":"","reference_type":"","scores":[{"value":"0.01512","scoring_system":"epss","scoring_elements":"0.81534","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003","reference_id":"CVE-2011-3003","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41","reference_id":"mfsa2011-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-41"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3003"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2f-3428-kkck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2850?format=json","vulnerability_id":"VCID-xa69-rn7t-vfdn","summary":"sczimmer reported that Firefox crashed when loading\na particular .ogg file. This was due to a use-after-free\ncondition and could potentially be exploited to install malware.\nThis vulnerability does not affect Firefox 3.6 or earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3005","reference_id":"","reference_type":"","scores":[{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89087","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005","reference_id":"CVE-2011-3005","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-44","reference_id":"mfsa2011-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-44"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3005"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xa69-rn7t-vfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2230?format=json","vulnerability_id":"VCID-xe4n-uxss-vfcu","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1211","reference_id":"","reference_type":"","scores":[{"value":"0.03871","scoring_system":"epss","scoring_elements":"0.88442","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1211"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615455","reference_id":"615455","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211","reference_id":"CVE-2010-1211","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34","reference_id":"mfsa2010-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0544","reference_id":"RHSA-2010:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0545","reference_id":"RHSA-2010:0545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0546","reference_id":"RHSA-2010:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1211"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xe4n-uxss-vfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2870?format=json","vulnerability_id":"VCID-xeum-pwvy-euhk","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2365","reference_id":"","reference_type":"","scores":[{"value":"0.02514","scoring_system":"epss","scoring_elements":"0.85669","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365","reference_id":"CVE-2011-2365","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2365"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2365"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xeum-pwvy-euhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2869?format=json","vulnerability_id":"VCID-xf4h-rten-nkbv","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2364","reference_id":"","reference_type":"","scores":[{"value":"0.0279","scoring_system":"epss","scoring_elements":"0.86358","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576","reference_id":"714576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=714576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364","reference_id":"CVE-2011-2364","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2364"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19","reference_id":"mfsa2011-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0885","reference_id":"RHSA-2011:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0886","reference_id":"RHSA-2011:0886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0887","reference_id":"RHSA-2011:0887","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0888","reference_id":"RHSA-2011:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0888"},{"reference_url":"https://usn.ubuntu.com/1149-1/","reference_id":"USN-1149-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1149-1/"},{"reference_url":"https://usn.ubuntu.com/1150-1/","reference_id":"USN-1150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-2364"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xf4h-rten-nkbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2873?format=json","vulnerability_id":"VCID-xhr9-3tgh-6ubu","summary":"Mozilla security researcher moz_bug_r_a4 reported that\nthe problem described in MFSA 2011-43 and fixed in\nFirefox 7 also affected Firefox 3.6: a malicious page could potentially\nexploit a Firefox user who had installed an add-on that used loadSubscript\nin vulnerable ways.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3647","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73864","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751931","reference_id":"751931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647","reference_id":"CVE-2011-3647","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46","reference_id":"mfsa2011-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1437","reference_id":"RHSA-2011:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1439","reference_id":"RHSA-2011:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1439"},{"reference_url":"https://usn.ubuntu.com/1251-1/","reference_id":"USN-1251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1251-1/"},{"reference_url":"https://usn.ubuntu.com/1254-1/","reference_id":"USN-1254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1254-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3647"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhr9-3tgh-6ubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2295?format=json","vulnerability_id":"VCID-xk4x-pd18-akag","summary":"Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1951","reference_id":"","reference_type":"","scores":[{"value":"0.03397","scoring_system":"epss","scoring_elements":"0.87629","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1951"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205","reference_id":"840205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=840205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951","reference_id":"CVE-2012-1951","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44","reference_id":"mfsa2012-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1088","reference_id":"RHSA-2012:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1089","reference_id":"RHSA-2012:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1089"},{"reference_url":"https://usn.ubuntu.com/1509-1/","reference_id":"USN-1509-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1509-1/"},{"reference_url":"https://usn.ubuntu.com/1510-1/","reference_id":"USN-1510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1510-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-1951"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xk4x-pd18-akag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2631?format=json","vulnerability_id":"VCID-xq1u-e9aa-u3eq","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3378","reference_id":"","reference_type":"","scores":[{"value":"0.03284","scoring_system":"epss","scoring_elements":"0.8742","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743","reference_id":"552743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378","reference_id":"CVE-2009-3378","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3378"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-3378"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xq1u-e9aa-u3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2172?format=json","vulnerability_id":"VCID-xs6r-rhtz-xqed","summary":"Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables.Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable.  If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3182","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23336","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642300","reference_id":"642300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182","reference_id":"CVE-2010-3182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71","reference_id":"mfsa2010-71","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3182"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xs6r-rhtz-xqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2808?format=json","vulnerability_id":"VCID-xsh3-a3gp-jqbj","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0078","reference_id":"","reference_type":"","scores":[{"value":"0.04216","scoring_system":"epss","scoring_elements":"0.88942","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0078"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700603","reference_id":"700603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078","reference_id":"CVE-2011-0078","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0078"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsh3-a3gp-jqbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2884?format=json","vulnerability_id":"VCID-xvbn-ap9n-gkh9","summary":"Marc Schoenefeld reported a crash when using Firebug\nto profile a JavaScript file with many functions. It may be possible\nto trigger this crash without the use of debugging APIs, and if so\nthis could be exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3650","reference_id":"","reference_type":"","scores":[{"value":"0.01271","scoring_system":"epss","scoring_elements":"0.7986","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3650"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751933","reference_id":"751933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650","reference_id":"CVE-2011-3650","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49","reference_id":"mfsa2011-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1437","reference_id":"RHSA-2011:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1439","reference_id":"RHSA-2011:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1439"},{"reference_url":"https://usn.ubuntu.com/1251-1/","reference_id":"USN-1251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1251-1/"},{"reference_url":"https://usn.ubuntu.com/1254-1/","reference_id":"USN-1254-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1254-1/"},{"reference_url":"https://usn.ubuntu.com/1277-1/","reference_id":"USN-1277-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1277-1/"},{"reference_url":"https://usn.ubuntu.com/1282-1/","reference_id":"USN-1282-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1282-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3650"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvbn-ap9n-gkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2595?format=json","vulnerability_id":"VCID-xw62-txxw-zbfr","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2466","reference_id":"","reference_type":"","scores":[{"value":"0.05821","scoring_system":"epss","scoring_elements":"0.9069","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512136","reference_id":"512136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466","reference_id":"CVE-2009-2466","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2466"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2466"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw62-txxw-zbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2149?format=json","vulnerability_id":"VCID-xzez-e2ta-2ufk","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2760","reference_id":"","reference_type":"","scores":[{"value":"0.04467","scoring_system":"epss","scoring_elements":"0.89279","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630062","reference_id":"630062","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760","reference_id":"CVE-2010-2760","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2760"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54","reference_id":"mfsa2010-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0680","reference_id":"RHSA-2010:0680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0681","reference_id":"RHSA-2010:0681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0682","reference_id":"RHSA-2010:0682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0682"},{"reference_url":"https://usn.ubuntu.com/975-1/","reference_id":"USN-975-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/975-1/"},{"reference_url":"https://usn.ubuntu.com/978-1/","reference_id":"USN-978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-2760"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xzez-e2ta-2ufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2215?format=json","vulnerability_id":"VCID-y93j-bsr1-xqhp","summary":"Security researcher echo reported that a web page\ncould open a window with an about:blank location and then inject an\n<isindex> element into that page which upon submission would\nredirect to a chrome: document.  The effect of this defect was that\nthe original page would wind up with a reference to a\nchrome-privileged object, the opened window, which could be leveraged\nfor privilege escalation attacks.Mozilla security researcher moz_bug_r_a4 provided\nproof-of-concept code demonstrating how the above vulnerability could\nbe used to run arbitrary code with chrome privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3771","reference_id":"","reference_type":"","scores":[{"value":"0.02236","scoring_system":"epss","scoring_elements":"0.84853","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=660417","reference_id":"660417","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=660417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771","reference_id":"CVE-2010-3771","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-76","reference_id":"mfsa2010-76","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-76"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0966","reference_id":"RHSA-2010:0966","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0966"},{"reference_url":"https://usn.ubuntu.com/1019-1/","reference_id":"USN-1019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3771"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y93j-bsr1-xqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2663?format=json","vulnerability_id":"VCID-y9mx-my5e-6qbp","summary":"Developer and Mozilla community member Paolo\nAmadini reported that when saving the inner frame of a web\npage as a file when the outer page has POST data associated with it,\nthe POST data will be incorrectly sent to the URL of the inner frame.\nThis could potentially result in a user's sensitive data being sent to\na site for which it was not intended.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1311","reference_id":"","reference_type":"","scores":[{"value":"0.01175","scoring_system":"epss","scoring_elements":"0.79049","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496271","reference_id":"496271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311","reference_id":"CVE-2009-1311","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-21","reference_id":"mfsa2009-21","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1311"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9mx-my5e-6qbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2151?format=json","vulnerability_id":"VCID-ydbn-ay8s-fkd9","summary":"Security researcher Haifei Li of FortiGuard Labs\nreported that Firefox could be used to load a malicious code library\nthat had been planted on a victim's computer.  Firefox attempts to\nload dwmapi.dll upon startup as part of its platform detection, so on\nsystems that don't have this library, such as Windows XP, Firefox will\nsubsequently attempt to load the library from the current working\ndirectory. An attacker could use this vulnerability to trick a user\ninto downloading a HTML file and a malicious copy of dwmapi.dll into\nthe same directory on their computer and opening the HTML file with\nFirefox, thus causing the malicious code to be executed.  If the\nattacker was on the same network as the victim, the malicious DLL\ncould also be loaded via a UNC path. This DLL is only loaded at\nstartup so a successful attack requires that Firefox not currently\nbe running when it is asked to open the HTML\nfile and accompanying DLL.This issue was also independently reported to Mozilla\nby Acros Security.  After the issue became public a\nnumber of other community members contacted Mozilla to report the\nissue.Firefox users on Windows Vista or Windows 7\nwere not vulnerable to this attack because dwmapi.dll is part\nof the OS in Vista and later versions and the legitimate copy\nis successfully loaded by\nFirefox before attempting to load the planted DLL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3131","reference_id":"","reference_type":"","scores":[{"value":"0.10225","scoring_system":"epss","scoring_elements":"0.9328","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131","reference_id":"CVE-2010-3131","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c","reference_id":"CVE-2010-3131;OSVDB-67502","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14730.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c","reference_id":"CVE-2010-3131;OSVDB-67502","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14783.c"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-52","reference_id":"mfsa2010-52","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-3131"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydbn-ay8s-fkd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2608?format=json","vulnerability_id":"VCID-ydxj-aet2-m7b1","summary":"Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1392","reference_id":"","reference_type":"","scores":[{"value":"0.15734","scoring_system":"epss","scoring_elements":"0.94843","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1392"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503568","reference_id":"503568","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392","reference_id":"CVE-2009-1392","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24","reference_id":"mfsa2009-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1125","reference_id":"RHSA-2009:1125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1126","reference_id":"RHSA-2009:1126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1126"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"},{"reference_url":"https://usn.ubuntu.com/782-1/","reference_id":"USN-782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1392"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydxj-aet2-m7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2651?format=json","vulnerability_id":"VCID-yggq-y333-67cq","summary":"Mozilla community member Michael reported that\nwhen a server responds with a Refresh header containing a\njavascript: URI, Firefox will redirect to the javascript: URI.  If an\nattacker could inject a Refresh header into a server\nresponse, or could control the value that a site places in\nthe Refresh header, they could use this vulnerability to\nperform an XSS attack and execute arbitrary JavaScript within the\ncontext of that site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1312","reference_id":"","reference_type":"","scores":[{"value":"0.05662","scoring_system":"epss","scoring_elements":"0.90534","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496274","reference_id":"496274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312","reference_id":"CVE-2009-1312","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt","reference_id":"CVE-2009-1312;OSVDB-53952","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32942.txt"},{"reference_url":"https://www.securityfocus.com/bid/34656/info","reference_id":"CVE-2009-1312;OSVDB-53952","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/34656/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-22","reference_id":"mfsa2009-22","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0437","reference_id":"RHSA-2009:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0437"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1312"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yggq-y333-67cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2226?format=json","vulnerability_id":"VCID-yn1v-ut2g-fufv","summary":"Security researcher Yosuke Hasegawa reported that\nthe Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript.  This is a violation of the same-origin policy and could\nbe used by an attacker to steal information from other sites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1213.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1213","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40136","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1213"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=615471","reference_id":"615471","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=615471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213","reference_id":"CVE-2010-1213","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42","reference_id":"mfsa2010-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0547","reference_id":"RHSA-2010:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0547"},{"reference_url":"https://usn.ubuntu.com/930-4/","reference_id":"USN-930-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/930-4/"},{"reference_url":"https://usn.ubuntu.com/957-1/","reference_id":"USN-957-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/957-1/"},{"reference_url":"https://usn.ubuntu.com/958-1/","reference_id":"USN-958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-1213"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn1v-ut2g-fufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2856?format=json","vulnerability_id":"VCID-ysfu-gcvc-33g9","summary":"David Rees reported that the JSSubScriptLoader (a\nfeature used by some add-ons) was \"unwrapping\" XPCNativeWrappers when they\nwere used as the scope parameter to loadSubScript(). Without\nthe protection of the wrappers the add-on could be vulnerable to privilege\nescalation attacks from malicious web content. Whether any given add-on\nwere vulnerable would depend on how the add-on used the feature\nand whether it interacted directly with web content, but we did find\nat least one vulnerable add-on and presume there are more.\nThe unwrapping behavior was a change introduced during Firefox 4\ndevelopment.  Firefox 3.6 and earlier versions are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3004","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54694","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751930","reference_id":"751930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004","reference_id":"CVE-2011-3004","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-43","reference_id":"mfsa2011-43","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-43"},{"reference_url":"https://usn.ubuntu.com/1222-1/","reference_id":"USN-1222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-3004"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysfu-gcvc-33g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2680?format=json","vulnerability_id":"VCID-yuz9-ee71-u7fa","summary":"Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a local document's domain was being\ncalculated incorrectly from its URL.  If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer.  Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1835.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1835","reference_id":"","reference_type":"","scores":[{"value":"0.01548","scoring_system":"epss","scoring_elements":"0.81733","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=503576","reference_id":"503576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=503576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835","reference_id":"CVE-2009-1835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26","reference_id":"mfsa2009-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1095","reference_id":"RHSA-2009:1095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1096","reference_id":"RHSA-2009:1096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1096"},{"reference_url":"https://usn.ubuntu.com/779-1/","reference_id":"USN-779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1835"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuz9-ee71-u7fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2661?format=json","vulnerability_id":"VCID-yvh6-rpbf-mka6","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0773","reference_id":"","reference_type":"","scores":[{"value":"0.09167","scoring_system":"epss","scoring_elements":"0.92841","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=488276","reference_id":"488276","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=488276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773","reference_id":"CVE-2009-0773","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07","reference_id":"mfsa2009-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0315","reference_id":"RHSA-2009:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0315"},{"reference_url":"https://usn.ubuntu.com/728-1/","reference_id":"USN-728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/728-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-0773"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvh6-rpbf-mka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2342?format=json","vulnerability_id":"VCID-za9a-ryqw-bfec","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3961","reference_id":"","reference_type":"","scores":[{"value":"0.02093","scoring_system":"epss","scoring_elements":"0.84347","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910","reference_id":"851910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=851910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961","reference_id":"CVE-2012-3961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58","reference_id":"mfsa2012-58","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1210","reference_id":"RHSA-2012:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1211","reference_id":"RHSA-2012:1211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1211"},{"reference_url":"https://usn.ubuntu.com/1548-1/","reference_id":"USN-1548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1548-1/"},{"reference_url":"https://usn.ubuntu.com/1551-1/","reference_id":"USN-1551-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1551-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3961"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-za9a-ryqw-bfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2487?format=json","vulnerability_id":"VCID-zhur-xexp-1faq","summary":"Microsoft developer Dave Reed reported that certain\nBOM characters are stripped from JavaScript code before it is executed.\nThis can lead to code, which would otherwise be treated as part of a quoted\nstring, to be executed.  The issue could potentially be used by an attacker\nto bypass or evade script filters and perform a cross-site scripting (XSS)\nattack. Chris Weber of Casaba Security independently\nreported the same issue, noting that the same parsing problem affected\nother attributes, such as the -moz-binding style property,\nthat could also be used to perform XSS attacks.\nSecurity researcher Gareth Heyes reported an issue with the HTML parser in which the parser ignored certain low surrogate characters if they were HTML-escaped.  This issue could potentially be used to bypass naive script filtering and used in an XSS attack.  This issue only affected Firefox 2.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4065.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4065","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80342","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463234","reference_id":"463234","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463234"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065","reference_id":"CVE-2008-4065","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4065"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43","reference_id":"mfsa2008-43","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0882","reference_id":"RHSA-2008:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0908","reference_id":"RHSA-2008:0908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0908"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4065"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhur-xexp-1faq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2806?format=json","vulnerability_id":"VCID-zkrh-qw8y-h3dg","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0075","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.88839","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0075"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=700615","reference_id":"700615","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=700615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075","reference_id":"CVE-2011-0075","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12","reference_id":"mfsa2011-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0471","reference_id":"RHSA-2011:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0473","reference_id":"RHSA-2011:0473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0474","reference_id":"RHSA-2011:0474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0475","reference_id":"RHSA-2011:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0475"},{"reference_url":"https://usn.ubuntu.com/1112-1/","reference_id":"USN-1112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1112-1/"},{"reference_url":"https://usn.ubuntu.com/1122-1/","reference_id":"USN-1122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-1/"},{"reference_url":"https://usn.ubuntu.com/1122-2/","reference_id":"USN-1122-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1122-2/"},{"reference_url":"https://usn.ubuntu.com/1123-1/","reference_id":"USN-1123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2011-0075"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkrh-qw8y-h3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2372?format=json","vulnerability_id":"VCID-zm2w-5awq-c7ed","summary":"Mozilla community member Ms2ger reported a crash due to an\ninvalid cast when using the instanceof operator on certain types of JavaScript\nobjects. This can lead to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3989","reference_id":"","reference_type":"","scores":[{"value":"0.00854","scoring_system":"epss","scoring_elements":"0.75301","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3989"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=863620","reference_id":"863620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=863620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989","reference_id":"CVE-2012-3989","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-80","reference_id":"mfsa2012-80","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-80"},{"reference_url":"https://usn.ubuntu.com/1600-1/","reference_id":"USN-1600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1600-1/"},{"reference_url":"https://usn.ubuntu.com/1611-1/","reference_id":"USN-1611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1611-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-3989"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zm2w-5awq-c7ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2317?format=json","vulnerability_id":"VCID-znv2-uacx-gbhy","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5840","reference_id":"","reference_type":"","scores":[{"value":"0.02337","scoring_system":"epss","scoring_elements":"0.85145","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5840"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634","reference_id":"877634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=877634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840","reference_id":"CVE-2012-5840","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105","reference_id":"mfsa2012-105","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1482","reference_id":"RHSA-2012:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1483","reference_id":"RHSA-2012:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1483"},{"reference_url":"https://usn.ubuntu.com/1636-1/","reference_id":"USN-1636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1636-1/"},{"reference_url":"https://usn.ubuntu.com/1638-1/","reference_id":"USN-1638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2012-5840"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znv2-uacx-gbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=json","vulnerability_id":"VCID-zp8z-8z1b-3fep","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey\n1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2463.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2463","reference_id":"","reference_type":"","scores":[{"value":"0.04113","scoring_system":"epss","scoring_elements":"0.88807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2463"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=512131","reference_id":"512131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=512131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463","reference_id":"CVE-2009-2463","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1162","reference_id":"RHSA-2009:1162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1163","reference_id":"RHSA-2009:1163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0153","reference_id":"RHSA-2010:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0154","reference_id":"RHSA-2010:0154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0154"},{"reference_url":"https://usn.ubuntu.com/798-1/","reference_id":"USN-798-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/798-1/"},{"reference_url":"https://usn.ubuntu.com/915-1/","reference_id":"USN-915-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/915-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-2463"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp8z-8z1b-3fep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2443?format=json","vulnerability_id":"VCID-zrhf-ryxe-9yca","summary":"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code.  This vulnerability only affected Firefox 3.David Maciejak of Fortinet's FortiGuard Global Security\nResearch Team also reported a crash in graphics rendering which only\naffected Firefox 3.Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4064","reference_id":"","reference_type":"","scores":[{"value":"0.02287","scoring_system":"epss","scoring_elements":"0.84999","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4064"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=463204","reference_id":"463204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=463204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064","reference_id":"CVE-2008-4064","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4064"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42","reference_id":"mfsa2008-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0879","reference_id":"RHSA-2008:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0879"},{"reference_url":"https://usn.ubuntu.com/645-1/","reference_id":"USN-645-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-1/"},{"reference_url":"https://usn.ubuntu.com/645-2/","reference_id":"USN-645-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/645-2/"},{"reference_url":"https://usn.ubuntu.com/647-1/","reference_id":"USN-647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2008-4064"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrhf-ryxe-9yca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2639?format=json","vulnerability_id":"VCID-zx6d-t279-j7aj","summary":"Security researcher Prateek Saxena reported that a\nmalicious MozSearch plugin could be created using a javascript: URI in\nthe SearchForm value.  This URI is used as the default\nlanding page when an empty search is performed.  If an attacker could\nget a user to install the malicious plugin and perform an empty\nsearch, the SearchForm javascript: URI would be executed\nwithin the context of the currently open page.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1310","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-1310"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=496270","reference_id":"496270","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310","reference_id":"CVE-2009-1310","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-20","reference_id":"mfsa2009-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0436","reference_id":"RHSA-2009:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0436"},{"reference_url":"https://usn.ubuntu.com/764-1/","reference_id":"USN-764-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/764-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2009-1310"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zx6d-t279-j7aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2196?format=json","vulnerability_id":"VCID-zzu7-b5pp-67g3","summary":"Security researcher regenrecht reported (via TippingPoint's\nZero Day Initiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although\nno exploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0164","reference_id":"","reference_type":"","scores":[{"value":"0.07524","scoring_system":"epss","scoring_elements":"0.91953","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164","reference_id":"CVE-2010-0164","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-09","reference_id":"mfsa2010-09","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/194367?format=json","purl":"pkg:ebuild/www-client/icecat@2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194368?format=json","purl":"pkg:ebuild/www-client/icecat@2.14-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@2.14-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/194369?format=json","purl":"pkg:ebuild/www-client/icecat@3.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/194370?format=json","purl":"pkg:ebuild/www-client/icecat@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@10.0.11"}],"aliases":["CVE-2010-0164"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzu7-b5pp-67g3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/icecat@3.14"}