{"url":"http://public2.vulnerablecode.io/api/packages/313719?format=json","purl":"pkg:rpm/redhat/xulrunner@1.9.2.11-2?arch=el5","type":"rpm","namespace":"redhat","name":"xulrunner","version":"1.9.2.11-2","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2135?format=json","vulnerability_id":"VCID-4w5k-qnky-ybdy","summary":"Security researcher Sergey Glazunov reported that\nit was possible to access the locationbar property of\na window object after it had been closed.  Since the\nclosed window's memory could have been subsequently\nreused by the system it was possible that an attempt to access\nthe locationbar property could result in the execution of\nattacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3180","reference_id":"","reference_type":"","scores":[{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.903","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642283","reference_id":"642283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180","reference_id":"CVE-2010-3180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3180"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www
.mozilla.org/en-US/security/advisories/mfsa2010-66","reference_id":"mfsa2010-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3180"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5k-qnky-ybdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2127?format=json","vulnerability_id":"VCID-5mat-a9vu-nfff","summary":"Google security researcher Robert Swiecki reported\nthat functions used by the Gopher parser to convert text to HTML tags\ncould be exploited to turn text into executable 
JavaScript.  If an\nattacker could create a file or directory on a Gopher server with the\nencoded script as part of its name the script would then run in a\nvictim's browser within the context of the site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3177","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72828","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642290","reference_id":"642290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177","reference_id":"CVE-2010-3177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3177"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68","reference_id":"mfsa2010-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-68"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"htt
ps://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mat-a9vu-nfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=json","vulnerability_id":"VCID-c81m-9s68-zbgx","summary":"Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3176","reference_id":"","reference_type":"","scores":[{"value":"0.03853","scoring_system":"epss","scoring_elements":"0.88399","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642272","reference_id":"642272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176","reference_id":"CVE-2010-3176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3176"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-
01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3176"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c81m-9s68-zbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2175?format=json","vulnerability_id":"VCID-fm6v-97ps-qkb1","summary":"Mozilla developers identified and fixed several memory 
safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3175","reference_id":"","reference_type":"","scores":[{"value":"0.03233","scoring_system":"epss","scoring_elements":"0.87292","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642275","reference_id":"642275","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175","reference_id":"CVE-2010-3175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3175"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64","reference_id":"mfsa2010-64","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url
":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm6v-97ps-qkb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2166?format=json","vulnerability_id":"VCID-hcjp-8k4f-fuhf","summary":"Security researcher Alexander Miller reported that\npassing an excessively long string to document.write\ncould cause text rendering routines to end up in an inconsistent state\nwith sections of stack memory being overwritten with the string data.\nAn attacker could use this flaw to crash a victim's browser and\npotentially run arbitrary code on their 
computer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3179","reference_id":"","reference_type":"","scores":[{"value":"0.22551","scoring_system":"epss","scoring_elements":"0.95941","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642277","reference_id":"642277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179","reference_id":"CVE-2010-3179","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3179"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html","reference_id":"CVE-2010-3179;OSVDB-68850","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/34881.html"},{"reference_url":"https://www.securityfocus.com/bid/44247/info","reference_id":"CVE-2010-3179;OSVDB-68850","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/44247/info"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65","reference_id":"mfsa2010-65","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-65"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782"
,"reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3179"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcjp-8k4f-fuhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2192?format=json","vulnerability_id":"VCID-jjg5-q8kj-yyg9","summary":"Security researcher Eduardo Vela Nava reported that\nif a web page opened a new window and used a javascript: URL to make a\nmodal call, such as alert(), then subsequently navigated\nthe page to a different domain, once the modal call returned the\nopener of the window could get access to objects in the navigated\nwindow.  
This is a violation of the same-origin policy and could be\nused by an attacker to steal information from another web site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3178","reference_id":"","reference_type":"","scores":[{"value":"0.00855","scoring_system":"epss","scoring_elements":"0.75272","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642294","reference_id":"642294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178","reference_id":"CVE-2010-3178","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3178"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69","reference_id":"mfsa2010-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3178"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjg5-q8kj-yyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=json","vulnerability_id":"VCID-kvg8-pa7m-2bfg","summary":"Security researcher Richard Moore reported that\nwhen an SSL certificate was created with a common name containing a\nwildcard followed by a partial IP address a valid SSL connection could be\nestablished with a server whose IP address matched the wildcard range\nby browsing directly to the IP address. 
It is extremely unlikely that\nsuch a certificate would be issued by a Certificate Authority.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3170","reference_id":"","reference_type":"","scores":[{"value":"0.01158","scoring_system":"epss","scoring_elements":"0.7888","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=630047","reference_id":"630047","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=630047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170","reference_id":"CVE-2010-3170","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70","reference_id":"mfsa2010-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0862","reference_id":"RHSA-2010:0862","reference_type":"","scores":[],"url
":"https://access.redhat.com/errata/RHSA-2010:0862"},{"reference_url":"https://usn.ubuntu.com/1007-1/","reference_id":"USN-1007-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1007-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvg8-pa7m-2bfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2188?format=json","vulnerability_id":"VCID-nhbn-aqde-vue5","summary":"Mozilla cryptographer Nelson Bolyard reported that\nthe SSL implementation was permitting servers to use Diffie-Hellman\nEphemeral mode (DHE) with too short of a minimum key length.  DHE keys\nof such lengths are trivially breakable on modern hardware so SSL\nservers operating in this mode were providing very little effective\nsecurity for their clients.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3173.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3173","reference_id":"","reference_type":"","scores":[{"value":"0.02315","scoring_system":"epss","scoring_elements":"0.85043","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3173"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642302","reference_id":"642302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173","reference_id":"CVE-2010-3173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"
},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-72","reference_id":"mfsa2010-72","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-72"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://usn.ubuntu.com/1007-1/","reference_id":"USN-1007-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1007-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbn-aqde-vue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=json","vulnerability_id":"VCID-qn4t-s1ek-vkcm","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that\nwhen window.__lookupGetter__ is called with no arguments\nthe code assumes the top JavaScript stack value is a property name.\nSince there were no arguments passed into the function, the top value\ncould represent uninitialized memory or a pointer to a previously\nfreed JavaScript object.  
Under such circumstances the value is passed\nto another subroutine which calls through the dangling pointer,\npotentially executing attacker-controlled memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3183","reference_id":"","reference_type":"","scores":[{"value":"0.06976","scoring_system":"epss","scoring_elements":"0.91578","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642286","reference_id":"642286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183","reference_id":"CVE-2010-3183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3183"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67","reference_id":"mfsa2010-67","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-67"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:08
96","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4t-s1ek-vkcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=json","vulnerability_id":"VCID-wwk8-bpv8-zyhh","summary":"Mozilla developer Ehsan Akhgari reported that a\nfunction used to load external libraries on Windows platforms was\nusing a relative path to a DLL-loading application and was thus\nvulnerable to binary planting if an attacker was able to place an\nexecutable of the same name in the current working directory or any of\nthe other locations that Windows searches for executables. Dmitri Gribenko reported that the script used to\nlaunch Mozilla applications on Linux was effectively including the\ncurrent working directory in the LD_LIBRARY_PATH\nenvironment variable.  
If an attacker was able to place into the\ncurrent working directory a malicious shared library with the same\nname as a library that the bootstrapping script depends on the\nattacker could have their library loaded instead of the legitimate\nlibrary.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3182","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23338","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=642300","reference_id":"642300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=642300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182","reference_id":"CVE-2010-3182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3182"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71","reference_id":"mfsa2010-71","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-71"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0780","reference_id":"RHSA-2010:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0781","reference_id":"RHSA-2010:0781","reference_type":"","scores":[],"url":"https://access.redhat.
com/errata/RHSA-2010:0781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0782","reference_id":"RHSA-2010:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0861","reference_id":"RHSA-2010:0861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0896","reference_id":"RHSA-2010:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0896"},{"reference_url":"https://usn.ubuntu.com/997-1/","reference_id":"USN-997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/997-1/"},{"reference_url":"https://usn.ubuntu.com/998-1/","reference_id":"USN-998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/998-1/"}],"fixed_packages":[],"aliases":["CVE-2010-3182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwk8-bpv8-zyhh"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xulrunner@1.9.2.11-2%3Farch=el5"}