CVE-2009-0689

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/35510	Exploit Patch
http://securitytracker.com/id?1022478	Patch
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c	Patch Vendor Advisory
http://securityreason.com/achievement_securityalert/63	Exploit
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h	Patch
http://securityreason.com/achievement_securityalert/77
http://www.opera.com/support/kb/view/942/
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://securityreason.com/achievement_securityalert/72
http://www.vupen.com/english/advisories/2009/3297	Vendor Advisory
http://securityreason.com/achievement_securityalert/73
http://secunia.com/advisories/37683	Vendor Advisory
http://secunia.com/advisories/37431	Vendor Advisory
http://securityreason.com/achievement_securityalert/71
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.vupen.com/english/advisories/2009/3299	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://secunia.com/advisories/37682	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
http://secunia.com/secunia_research/2009-35/	Vendor Advisory
http://securityreason.com/achievement_securityalert/78
http://www.vupen.com/english/advisories/2009/3334	Vendor Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html	Vendor Advisory
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/69
http://secunia.com/advisories/38066	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0094	Vendor Advisory
http://securityreason.com/achievement_securityalert/81
http://secunia.com/advisories/39001	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.vupen.com/english/advisories/2010/0650	Vendor Advisory
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648	Vendor Advisory
http://secunia.com/advisories/38977	Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	Vendor Advisory
http://support.apple.com/kb/HT4077
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://support.apple.com/kb/HT4225
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://rhn.redhat.com/errata/RHSA-2014-0312.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
http://www.securityfocus.com/archive/1/508423/100/0/threaded
http://www.securityfocus.com/archive/1/508417/100/0/threaded
http://www.securityfocus.com/archive/1/507979/100/0/threaded
http://www.securityfocus.com/archive/1/507977/100/0/threaded
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:6.4:stable::::::
	cpe:2.3:o:freebsd:freebsd:6.4:release_p4::::::
	cpe:2.3:o:openbsd:openbsd:4.5:::::::*
	cpe:2.3:o:netbsd:netbsd:5.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.5:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:::::::*
	cpe:2.3:o:freebsd:freebsd:7.2:pre-release::::::
	cpe:2.3:o:freebsd:freebsd:7.2:stable::::::
	cpe:2.3:o:freebsd:freebsd:6.4:release_p2::::::
	cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.9:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:release_p5::::::
	cpe:2.3:a:mozilla:firefox:3.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
	cpe:2.3:a:k-meleon_project:k-meleon:1.5.3:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:release::::::
	cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.14:::::::*
	cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:o:freebsd:freebsd:7.2:::::::*
	cpe:2.3:o:freebsd:freebsd:6.4:release_p3::::::
	cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.11:::::::*

Information

Published : 2009-07-01 06:00

Updated : 2018-11-02 03:29

NVD link : CVE-2009-0689

Mitre link : CVE-2009-0689

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

netbsd

netbsd

freebsd

freebsd

mozilla

firefox
seamonkey

k-meleon_project

k-meleon

openbsd

openbsd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/35510", "name": "35510", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1022478", "name": "1022478", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c", "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/achievement_securityalert/63", "name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", "tags": ["Exploit"], "refsource": "SREASONRES"}, {"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h", "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/achievement_securityalert/77", "name": "20091211 Sunbird 0.9 Array Overrun (code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://www.opera.com/support/kb/view/942/", "name": "http://www.opera.com/support/kb/view/942/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html", "name": "RHSA-2009:1601", "tags": [], "refsource": "REDHAT"}, {"url": "http://securityreason.com/achievement_securityalert/72", "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://www.vupen.com/english/advisories/2009/3297", "name": "ADV-2009-3297", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://securityreason.com/achievement_securityalert/73", "name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://secunia.com/advisories/37683", "name": "37683", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/37431", "name": "37431", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/achievement_securityalert/71", "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1", "name": "272909", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2009/3299", "name": "ADV-2009-3299", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294", "name": "MDVSA-2009:294", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/37682", "name": "37682", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330", "name": "MDVSA-2009:330", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", "name": "SUSE-SR:2009:018", "tags": [], "refsource": "SUSE"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/secunia_research/2009-35/", "name": "http://secunia.com/secunia_research/2009-35/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://securityreason.com/achievement_securityalert/78", "name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://www.vupen.com/english/advisories/2009/3334", "name": "ADV-2009-3334", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html", "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/achievement_securityalert/75", "name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://securityreason.com/achievement_securityalert/76", "name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "SREASONRES"}, {"url": "http://securityreason.com/achievement_securityalert/69", "name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", "tags": [], "refsource": "SREASONRES"}, {"url": "http://secunia.com/advisories/38066", "name": "38066", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/0094", "name": "ADV-2010-0094", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://securityreason.com/achievement_securityalert/81", "name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", "tags": [], "refsource": "SREASONRES"}, {"url": "http://secunia.com/advisories/39001", "name": "39001", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html", "name": "RHSA-2010:0153", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html", "name": "RHSA-2010:0154", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2010/0650", "name": "ADV-2010-0650", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.ubuntu.com/usn/USN-915-1", "name": "USN-915-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.vupen.com/english/advisories/2010/0648", "name": "ADV-2010-0648", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/38977", "name": "38977", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "name": "APPLE-SA-2010-03-29-1", "tags": ["Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://support.apple.com/kb/HT4077", "name": "http://support.apple.com/kb/HT4077", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "name": "SUSE-SR:2010:013", "tags": [], "refsource": "SUSE"}, {"url": "http://support.apple.com/kb/HT4225", "name": "http://support.apple.com/kb/HT4225", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "name": "APPLE-SA-2010-06-21-1", "tags": [], "refsource": "APPLE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html", "name": "RHSA-2014:0311", "tags": [], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html", "name": "RHSA-2014:0312", "tags": [], "refsource": "REDHAT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541", "name": "oval:org.mitre.oval:def:9541", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528", "name": "oval:org.mitre.oval:def:6528", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded", "name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded", "name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded", "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded", "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html", "name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0689", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2009-07-01T13:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.2:stable:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:k-meleon_project:k-meleon:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:release:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-02T10:29Z"}

6.8 /10