{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63615?format=json","vulnerability_id":"VCID-nx8g-hhbk-yyep","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","aliases":[{"alias":"CVE-2009-3370"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86696?format=json","purl":"pkg:mozilla/Firefox@3.0.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/86695?format=json","purl":"pkg:mozilla/Firefox@3.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/128146?format=json","purl":"pkg:rpm/redhat/firefox@3.0.15-3?arch=el5_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16d6-e24t-dfb7"},{"vulnerability":"VCID-2jhf-j64s-gygy"},{"vulnerability":"VCID-4vaj-81k4-n3a6"},{"vulnerability":"VCID-58z4-jhs8-kyay"},{"vulnerability":"VCID-5bdt-dd2k-c7gq"},{"vulnerability":"VCID-aw3w-yap1-u7cx"},{"vulnerability":"VCID-b76x-3z8j-4fa9"},{"vulnerability":"VCID-h68j-ht6w-jqbm"},{"vulnerability":"VCID-nx8g-hhbk-yyep"},{"vulnerability":"VCID-qqg4-kz4u-hbh8"},{"vulnerability":"VCID-sua6-rkjm-qyge"},{"vulnerability":"VCID-yn4z-ymst-1bew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@3.0.15-3%3Farch=el5_4"},{"url":"http://public2.vulnerablecode.io/api/packages/128156?format=json","purl":"pkg:rpm/redhat/firefox@3.0.15-3?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16d6-e24t-dfb7"},{"vulnerability":"VCID-2jhf-j64s-gygy"},{"vulnerability":"VCID-4vaj-81k4-n3a6"},{"vulnerability":"VCID-58z4-jhs8-kyay"},{"vulnerability":"VCID-5bdt-dd2k-c7gq"},{"vulnerability":"VCID-aw3w-yap1-u7cx"},{"vulnerability":"VCID-b76x-3z8j-4fa9"},{"vulnerability":"VCID-h68j-ht6w-jqbm"},{"vulnerability":"VCID-nx8g-hhbk-yyep"},{"vulnerability":"VCID-qqg4-kz4u-hbh8"},{"vulnerability":"VCID-sua6-rkjm-qyge"},{"vulnerability":"VCID-yn4z-ymst-1bew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@3.0.15-3%3Farch=el4"},{"url":"http://public2.vulnerablecode.io/api/packages/128158?format=json","purl":"pkg:rpm/redhat/nspr@4.7.6-1?arch=el4_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16d6-e24t-dfb7"},{"vulnerability":"VCID-2jhf-j64s-gygy"},{"vulnerability":"VCID-4vaj-81k4-n3a6"},{"vulnerability":"VCID-58z4-jhs8-kyay"},{"vulnerability":"VCID-5bdt-dd2k-c7gq"},{"vulnerability":"VCID-aw3w-yap1-u7cx"},{"vulnerability":"VCID-b76x-3z8j-4fa9"},{"vulnerability":"VCID-h68j-ht6w-jqbm"},{"vulnerability":"VCID-nx8g-hhbk-yyep"},{"vulnerability":"VCID-qqg4-kz4u-hbh8"},{"vulnerability":"VCID-sua6-rkjm-qyge"},{"vulnerability":"VCID-yn4z-ymst-1bew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.7.6-1%3Farch=el4_8"},{"url":"http://public2.vulnerablecode.io/api/packages/128151?format=json","purl":"pkg:rpm/redhat/nspr@4.7.6-1?arch=el5_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16d6-e24t-dfb7"},{"vulnerability":"VCID-2jhf-j64s-gygy"},{"vulnerability":"VCID-4vaj-81k4-n3a6"},{"vulnerability":"VCID-58z4-jhs8-kyay"},{"vulnerability":"VCID-5bdt-dd2k-c7gq"},{"vulnerability":"VCID-aw3w-yap1-u7cx"},{"vulnerability":"VCID-b76x-3z8j-4fa9"},{"vulnerability":"VCID-h68j-ht6w-jqbm"},{"vulnerability":"VCID-nx8g-hhbk-yyep"},{"vulnerability":"VCID-qqg4-kz4u-hbh8"},{"vulnerability":"VCID-sua6-rkjm-qyge"},{"vulnerability":"VCID-yn4z-ymst-1bew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.7.6-1%3Farch=el5_4"},{"url":"http://public2.vulnerablecode.io/api/packages/128148?format=json","purl":"pkg:rpm/redhat/xulrunner@1.9.0.15-3?arch=el5_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16d6-e24t-dfb7"},{"vulnerability":"VCID-2jhf-j64s-gygy"},{"vulnerability":"VCID-4vaj-81k4-n3a6"},{"vulnerability":"VCID-58z4-jhs8-kyay"},{"vulnerability":"VCID-5bdt-dd2k-c7gq"},{"vulnerability":"VCID-aw3w-yap1-u7cx"},{"vulnerability":"VCID-b76x-3z8j-4fa9"},{"vulnerability":"VCID-h68j-ht6w-jqbm"},{"vulnerability":"VCID-nx8g-hhbk-yyep"},{"vulnerability":"VCID-qqg4-kz4u-hbh8"},{"vulnerability":"VCID-sua6-rkjm-qyge"},{"vulnerability":"VCID-yn4z-ymst-1bew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xulrunner@1.9.0.15-3%3Farch=el5_4"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3370.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3370","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68358","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68286","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68345","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68084","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68169","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68194","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6818","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68147","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68185","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68179","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68222","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68231","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68236","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68211","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68256","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68293","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68258","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3370"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=530151","reference_id":"530151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=530151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370","reference_id":"CVE-2009-3370","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52","reference_id":"mfsa2009-52","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1530","reference_id":"RHSA-2009:1530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1530"},{"reference_url":"https://usn.ubuntu.com/853-1/","reference_id":"USN-853-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/853-1/"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nx8g-hhbk-yyep"}