[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-0354":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":54,"related":55,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":69,"kevs":158,"epss":159,"epss_history":162,"metrics":416,"affected":421},"CVE-2009-0354","Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48,50,52],{"_key":49},"RHSA-2009:0256",{"_key":51},"OPENSUSE-SU-2024:10600-1",{"_key":53},"OPENSUSE-SU-2024:14572-1",[],[56,57],{"_key":51},{"_key":53},"2009-02-04T19:00:00.000Z","2024-08-07T04:31:25.569Z","Modified",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":63,"severity_score":65,"severity_version":66,"severity_source":67,"severity_vector":68,"severity_status":60},false,"low",0.00789,2.6,"v2.0","nvd","AV:N/AC:H/Au:N/C:N/I:P/A:N",[70,77,83,89,94,99,104,108,112,116,120,126,130,134,139,144,148,153],{"url":71,"sources":72,"tags":74},"http://www.vupen.com/english/advisories/2009/0313",[73,67],"cve.org",[75,76],"VDB Entry","X Refsource VUPEN",{"url":78,"sources":79,"tags":80},"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html",[73,67],[81,82],"Vendor Advisory","X Refsource SUSE",{"url":84,"sources":85,"tags":86},"http://secunia.com/advisories/33809",[73,67],[87,88],"Third Party Advisory","X Refsource SECUNIA",{"url":90,"sources":91,"tags":92},"http://www.mandriva.com/security/advisories?name=MDVSA-2009:044",[73,67],[81,93],"X Refsource MANDRIVA",{"url":95,"sources":96,"tags":97},"http://rhn.redhat.com/errata/RHSA-2009-0256.html",[73,67],[81,98],"X Refsource REDHAT",{"url":100,"sources":101,"tags":102},"http://www.mozilla.org/security/announce/2009/mfsa2009-02.html",[73,67],[103,81],"X Refsource CONFIRM",{"url":105,"sources":106,"tags":107},"http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm",[73,67],[103],{"url":109,"sources":110,"tags":111},"http://secunia.com/advisories/33831",[73,67],[87,88],{"url":113,"sources":114,"tags":115},"https://bugzilla.mozilla.org/show_bug.cgi?id=468581",[73,67],[103],{"url":117,"sources":118,"tags":119},"http://secunia.com/advisories/33841",[73,67],[87,88],{"url":121,"sources":122,"tags":123},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9796",[73,67],[75,124,125],"Signature","X Refsource OVAL",{"url":127,"sources":128,"tags":129},"http://secunia.com/advisories/33846",[73,67],[87,88],{"url":131,"sources":132,"tags":133},"http://secunia.com/advisories/33799",[73,67],[87,88],{"url":135,"sources":136,"tags":137},"http://www.securityfocus.com/bid/33598",[73,67],[75,138],"X Refsource BID",{"url":140,"sources":141,"tags":142},"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html",[73,67],[81,143],"X Refsource FEDORA",{"url":145,"sources":146,"tags":147},"http://secunia.com/advisories/33869",[73,67],[87,88],{"url":149,"sources":150,"tags":151},"http://www.securitytracker.com/id?1021664",[73,67],[75,152],"X Refsource SECTRACK",{"url":154,"sources":155,"tags":156},"http://www.ubuntu.com/usn/usn-717-1",[73,67],[81,157],"X Refsource UBUNTU",[],{"date":160,"score":64,"percentile":161},"2026-06-04",0.74222,[163,166,169,172,175,177,180,183,186,189,192,195,198,200,203,206,209,212,215,218,221,224,227,229,232,234,237,239,242,245,248,250,252,254,257,260,263,266,269,272,274,277,279,281,284,287,290,292,295,298,301,304,307,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,389,392,395,398,401,403,405,407,410,413],{"date":164,"score":64,"percentile":165},"2025-11-04",0.73105,{"date":167,"score":64,"percentile":168},"2025-11-05",0.73091,{"date":170,"score":64,"percentile":171},"2025-11-06",0.7309,{"date":173,"score":64,"percentile":174},"2025-11-07",0.73108,{"date":176,"score":64,"percentile":174},"2025-11-08",{"date":178,"score":64,"percentile":179},"2025-11-09",0.73101,{"date":181,"score":64,"percentile":182},"2025-11-10",0.73089,{"date":184,"score":64,"percentile":185},"2025-11-11",0.73094,{"date":187,"score":64,"percentile":188},"2025-11-12",0.73112,{"date":190,"score":64,"percentile":191},"2025-11-13",0.73118,{"date":193,"score":64,"percentile":194},"2025-11-14",0.73124,{"date":196,"score":64,"percentile":197},"2025-11-15",0.73122,{"date":199,"score":64,"percentile":191},"2025-11-16",{"date":201,"score":64,"percentile":202},"2025-11-17",0.73113,{"date":204,"score":64,"percentile":205},"2025-11-18",0.71745,{"date":207,"score":64,"percentile":208},"2025-11-19",0.71752,{"date":210,"score":64,"percentile":211},"2025-11-20",0.71759,{"date":213,"score":64,"percentile":214},"2025-11-21",0.7313,{"date":216,"score":64,"percentile":217},"2025-11-22",0.73126,{"date":219,"score":64,"percentile":220},"2025-11-23",0.73109,{"date":222,"score":64,"percentile":223},"2025-11-24",0.73103,{"date":225,"score":64,"percentile":226},"2025-11-25",0.73106,{"date":228,"score":64,"percentile":188},"2025-11-26",{"date":230,"score":64,"percentile":231},"2025-11-27",0.73114,{"date":233,"score":64,"percentile":174},"2025-11-28",{"date":235,"score":64,"percentile":236},"2025-11-29",0.731,{"date":238,"score":64,"percentile":185},"2025-11-30",{"date":240,"score":64,"percentile":241},"2025-12-01",0.73227,{"date":243,"score":64,"percentile":244},"2025-12-02",0.73237,{"date":246,"score":64,"percentile":247},"2025-12-03",0.73236,{"date":249,"score":64,"percentile":226},"2025-12-04",{"date":251,"score":64,"percentile":231},"2025-12-05",{"date":253,"score":64,"percentile":202},"2025-12-06",{"date":255,"score":64,"percentile":256},"2025-12-07",0.73116,{"date":258,"score":64,"percentile":259},"2025-12-08",0.7312,{"date":261,"score":64,"percentile":262},"2025-12-09",0.73147,{"date":264,"score":64,"percentile":265},"2025-12-10",0.7318,{"date":267,"score":64,"percentile":268},"2025-12-11",0.73198,{"date":270,"score":64,"percentile":271},"2025-12-12",0.7322,{"date":273,"score":64,"percentile":241},"2025-12-13",{"date":275,"score":64,"percentile":276},"2025-12-14",0.73226,{"date":278,"score":64,"percentile":241},"2025-12-15",{"date":280,"score":64,"percentile":247},"2025-12-16",{"date":282,"score":64,"percentile":283},"2025-12-17",0.73246,{"date":285,"score":64,"percentile":286},"2025-12-18",0.73269,{"date":288,"score":64,"percentile":289},"2025-12-19",0.73287,{"date":291,"score":64,"percentile":289},"2025-12-20",{"date":293,"score":64,"percentile":294},"2025-12-21",0.73281,{"date":296,"score":64,"percentile":297},"2025-12-22",0.73279,{"date":299,"score":64,"percentile":300},"2025-12-23",0.7327,{"date":302,"score":64,"percentile":303},"2025-12-24",0.7328,{"date":305,"score":64,"percentile":306},"2025-12-25",0.73307,{"date":308,"score":64,"percentile":306},"2025-12-26",{"date":310,"score":64,"percentile":311},"2025-12-27",0.7332,{"date":313,"score":64,"percentile":314},"2025-12-28",0.73283,{"date":316,"score":64,"percentile":317},"2025-12-29",0.73278,{"date":319,"score":64,"percentile":320},"2025-12-30",0.73292,{"date":322,"score":64,"percentile":323},"2025-12-31",0.73321,{"date":325,"score":64,"percentile":326},"2026-01-01",0.73472,{"date":328,"score":64,"percentile":329},"2026-01-02",0.73471,{"date":331,"score":64,"percentile":332},"2026-01-03",0.73469,{"date":334,"score":64,"percentile":335},"2026-01-04",0.73331,{"date":337,"score":64,"percentile":338},"2026-01-05",0.73323,{"date":340,"score":64,"percentile":341},"2026-01-06",0.73336,{"date":343,"score":64,"percentile":344},"2026-01-07",0.73345,{"date":346,"score":64,"percentile":347},"2026-01-08",0.73354,{"date":349,"score":64,"percentile":350},"2026-01-09",0.73357,{"date":352,"score":64,"percentile":353},"2026-01-10",0.73353,{"date":355,"score":64,"percentile":356},"2026-01-11",0.73343,{"date":358,"score":64,"percentile":359},"2026-01-12",0.73332,{"date":361,"score":64,"percentile":362},"2026-01-13",0.7333,{"date":364,"score":64,"percentile":365},"2026-01-14",0.73355,{"date":367,"score":64,"percentile":368},"2026-01-15",0.73363,{"date":370,"score":64,"percentile":371},"2026-01-16",0.7338,{"date":373,"score":64,"percentile":374},"2026-01-17",0.73377,{"date":376,"score":64,"percentile":377},"2026-01-18",0.73352,{"date":379,"score":64,"percentile":380},"2026-01-19",0.7334,{"date":382,"score":64,"percentile":383},"2026-01-20",0.73344,{"date":385,"score":64,"percentile":386},"2026-01-21",0.73348,{"date":388,"score":64,"percentile":365},"2026-01-22",{"date":390,"score":64,"percentile":391},"2026-01-23",0.73384,{"date":393,"score":64,"percentile":394},"2026-01-24",0.73392,{"date":396,"score":64,"percentile":397},"2026-01-25",0.73375,{"date":399,"score":64,"percentile":400},"2026-01-26",0.73373,{"date":402,"score":64,"percentile":374},"2026-01-27",{"date":404,"score":64,"percentile":394},"2026-01-28",{"date":406,"score":64,"percentile":394},"2026-01-29",{"date":408,"score":64,"percentile":409},"2026-01-30",0.73398,{"date":411,"score":64,"percentile":412},"2026-01-31",0.73403,{"date":414,"score":64,"percentile":415},"2026-02-01",0.7353,[417],{"source":67,"cvss_v2_0":418,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":65,"baseSeverity":9,"vectorString":68,"impactScore":419,"exploitabilityScore":420},2.9,4.9,[422],{"ecosystem":9,"name":423,"vendor":424,"product":423,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"firefox","mozilla","a",[427,430,432,434,436,438,440,442,444],{"version":428,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0","cpe",{"version":431,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0:alpha",{"version":433,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0:beta2",{"version":435,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0:beta5",{"version":437,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.1",{"version":439,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.2",{"version":441,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.3",{"version":443,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.4",{"version":445,"is_range":62,"range_type":429,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0.5"]