{"url":"http://public2.vulnerablecode.io/api/packages/291935?format=json","purl":"pkg:rpm/redhat/xulrunner@17.0.10-1?arch=el6_4","type":"rpm","namespace":"redhat","name":"xulrunner","version":"17.0.10-1","qualifiers":{"arch":"el6_4"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2105?format=json","vulnerability_id":"VCID-3pne-hy5y-3kg8","summary":"Security researcher Nils used the Address Sanitizer tool\nwhile fuzzing to discover missing strong references in browsing engine leading\nto use-after-frees. This can lead to a potentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5599.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5599","reference_id":"","reference_type":"","scores":[{"value":"0.02688","scoring_system":"epss","scoring_elements":"0.86106","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5599"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023843","reference_id":"1023843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599","reference_id":"CVE-2013-5599","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-100","reference_id":"mfsa2013-100","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5599"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pne-hy5y-3kg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2106?format=json","vulnerability_id":"VCID-5ne5-rmxb-43c1","summary":"Security researcher Nils used the Address Sanitizer tool\nwhile fuzzing to discover missing strong references in browsing engine leading\nto use-after-frees. This can lead to a potentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5600.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5600","reference_id":"","reference_type":"","scores":[{"value":"0.02688","scoring_system":"epss","scoring_elements":"0.86106","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5600"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023843","reference_id":"1023843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600","reference_id":"CVE-2013-5600","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-100","reference_id":"mfsa2013-100","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ne5-rmxb-43c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1969?format=json","vulnerability_id":"VCID-6v9y-7z9k-bugc","summary":"Compiler Engineer Dan Gohman of Google discovered a flaw in\nthe JavaScript engine where memory was being incorrectly allocated for some\nfunctions and the calls for allocations were not always properly checked for\noverflow, leading to potential buffer overflows. When combined with other\nvulnerabilities, these flaws could be potentially exploitable.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5595.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5595","reference_id":"","reference_type":"","scores":[{"value":"0.02577","scoring_system":"epss","scoring_elements":"0.85811","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023839","reference_id":"1023839","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595","reference_id":"CVE-2013-5595","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-96","reference_id":"mfsa2013-96","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5595"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v9y-7z9k-bugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2007?format=json","vulnerability_id":"VCID-bhwy-v49m-qqa8","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an access\nviolation due to uninitialized data during Extensible Stylesheet Language\nTransformation (XSLT) processing. This leads to a potentially exploitable\ncrash. \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5604.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5604","reference_id":"","reference_type":"","scores":[{"value":"0.06864","scoring_system":"epss","scoring_elements":"0.91505","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5604"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023863","reference_id":"1023863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604","reference_id":"CVE-2013-5604","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-95","reference_id":"mfsa2013-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-95"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5604"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhwy-v49m-qqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2008?format=json","vulnerability_id":"VCID-c2ra-nruc-cube","summary":"Security researcher Byoungyoung Lee of Georgia Tech\nInformation Security Center (GTISC) used the Address Sanitizer tool to discover\na use-after-free during state change events while updating the offline cache.\nThis leads to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5597.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5597","reference_id":"","reference_type":"","scores":[{"value":"0.03629","scoring_system":"epss","scoring_elements":"0.88021","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5597"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023841","reference_id":"1023841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597","reference_id":"CVE-2013-5597","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-98","reference_id":"mfsa2013-98","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-98"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5597"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2ra-nruc-cube"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2107?format=json","vulnerability_id":"VCID-gpa4-7mp7-s7fy","summary":"Security researcher Nils used the Address Sanitizer tool\nwhile fuzzing to discover missing strong references in browsing engine leading\nto use-after-frees. This can lead to a potentially exploitable crash. \nIn general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5601.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5601","reference_id":"","reference_type":"","scores":[{"value":"0.02688","scoring_system":"epss","scoring_elements":"0.86106","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023843","reference_id":"1023843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601","reference_id":"CVE-2013-5601","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-100","reference_id":"mfsa2013-100","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5601"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpa4-7mp7-s7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1980?format=json","vulnerability_id":"VCID-hmbr-abcz-97g1","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5590","reference_id":"","reference_type":"","scores":[{"value":"0.02058","scoring_system":"epss","scoring_elements":"0.8418","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023835","reference_id":"1023835","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590","reference_id":"CVE-2013-5590","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93","reference_id":"mfsa2013-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmbr-abcz-97g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2056?format=json","vulnerability_id":"VCID-pr98-y52y-r7gu","summary":"Security researcher Nils used the Address Sanitizer tool\nwhile fuzzing to discover a memory corruption issue with the JavaScript engine\nwhen using workers with direct proxies. This results in a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5602.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5602","reference_id":"","reference_type":"","scores":[{"value":"0.03229","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023844","reference_id":"1023844","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1023844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602","reference_id":"CVE-2013-5602","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602"},{"reference_url":"https://security.gentoo.org/glsa/201504-01","reference_id":"GLSA-201504-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201504-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-101","reference_id":"mfsa2013-101","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1476","reference_id":"RHSA-2013:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1480","reference_id":"RHSA-2013:1480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1480"},{"reference_url":"https://usn.ubuntu.com/2009-1/","reference_id":"USN-2009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2009-1/"},{"reference_url":"https://usn.ubuntu.com/2010-1/","reference_id":"USN-2010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2010-1/"}],"fixed_packages":[],"aliases":["CVE-2013-5602"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr98-y52y-r7gu"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xulrunner@17.0.10-1%3Farch=el6_4"}