Package Instance

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5415

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-173r-g4tm-tbdk

url VCID-1jrf-kzc8-87b8

vulnerability_id VCID-1jrf-kzc8-87b8

summary An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5418

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jrf-kzc8-87b8

url VCID-41k8-gnnn-17hp

vulnerability_id VCID-41k8-gnnn-17hp

summary The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5414

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41k8-gnnn-17hp

url VCID-4gky-p4gv-u7cw

vulnerability_id VCID-4gky-p4gv-u7cw

summary Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5408

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gky-p4gv-u7cw

url VCID-4ncv-bsfh-kufk

vulnerability_id VCID-4ncv-bsfh-kufk

summary Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5410

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncv-bsfh-kufk

url VCID-53n9-hyzh-yyaz

vulnerability_id VCID-53n9-hyzh-yyaz

summary Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5398

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53n9-hyzh-yyaz

url VCID-5ptb-5a8k-27ff

vulnerability_id VCID-5ptb-5a8k-27ff

summary If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5422

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ptb-5a8k-27ff

url VCID-5vdw-pucj-83df

vulnerability_id VCID-5vdw-pucj-83df

summary When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5403

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vdw-pucj-83df

url VCID-6rhu-j1hm-5yc5

vulnerability_id VCID-6rhu-j1hm-5yc5

summary A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5427

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rhu-j1hm-5yc5

url VCID-7rvf-ac7d-6fa6

vulnerability_id VCID-7rvf-ac7d-6fa6

summary If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5419

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rvf-ac7d-6fa6

url VCID-96xh-fdtu-5fh3

vulnerability_id VCID-96xh-fdtu-5fh3

summary On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. *Note: this issue only affects Linux. Other operating systems are not affected.*

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5426

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96xh-fdtu-5fh3

url VCID-9ymk-b2sg-3bfh

vulnerability_id VCID-9ymk-b2sg-3bfh

summary A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5406

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ymk-b2sg-3bfh

url VCID-d5gv-m4u7-3bfc

vulnerability_id VCID-d5gv-m4u7-3bfc

summary JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5400

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gv-m4u7-3bfc

url VCID-ddhr-r6rr-q7ah

vulnerability_id VCID-ddhr-r6rr-q7ah

summary Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and André Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5399

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddhr-r6rr-q7ah

url VCID-e2vh-ny9f-vugv

vulnerability_id VCID-e2vh-ny9f-vugv

summary A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5420

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2vh-ny9f-vugv

url VCID-ez33-vkty-bkcx

vulnerability_id VCID-ez33-vkty-bkcx

summary A buffer overflow read during SVG filter color value operations, resulting in data exposure.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5412

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ez33-vkty-bkcx

url VCID-hdfp-hcar-hqdj

vulnerability_id VCID-hdfp-hcar-hqdj

summary A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5421

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdfp-hcar-hqdj

url VCID-jc41-75ha-97c9

vulnerability_id VCID-jc41-75ha-97c9

summary A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5401

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-75ha-97c9

url VCID-kxgc-ypqu-9fd9

vulnerability_id VCID-kxgc-ypqu-9fd9

summary In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5416

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxgc-ypqu-9fd9

url VCID-m2ee-rr9r-u3ge

vulnerability_id VCID-m2ee-rr9r-u3ge

summary Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5405

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ee-rr9r-u3ge

url VCID-m4jq-6tmd-p7gh

vulnerability_id VCID-m4jq-6tmd-p7gh

summary When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5417

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4jq-6tmd-p7gh

url VCID-nv26-s56m-vkdh

vulnerability_id VCID-nv26-s56m-vkdh

summary Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5407

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nv26-s56m-vkdh

url VCID-rmrk-stbr-tbf7

vulnerability_id VCID-rmrk-stbr-tbf7

summary A segmentation fault can occur during some bidirectional layout operations.

references

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5413

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmrk-stbr-tbf7

url VCID-wx4s-73zs-cfap

vulnerability_id VCID-wx4s-73zs-cfap

summary A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5402

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wx4s-73zs-cfap

url VCID-xtbe-gv4p-23fn

vulnerability_id VCID-xtbe-gv4p-23fn

summary A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201703-2
reference_id	ASA-201703-2
reference_type
scores
url	https://security.archlinux.org/ASA-201703-2

reference_url	https://security.archlinux.org/ASA-201703-3
reference_id	ASA-201703-3
reference_type
scores
url	https://security.archlinux.org/ASA-201703-3

reference_url

reference_id

AVG-193

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-194

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

reference_id

mfsa2017-05

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_id

mfsa2017-06

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_id

mfsa2017-07

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

reference_id

mfsa2017-09

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-09

fixed_packages

url	pkg:alpm/archlinux/firefox@52.0-1
purl	pkg:alpm/archlinux/firefox@52.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1

aliases CVE-2017-5404

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xtbe-gv4p-23fn

Fixing_vulnerabilities

url VCID-11uz-v7pw-v7hw

vulnerability_id VCID-11uz-v7pw-v7hw

summary URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5383

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw

url VCID-3am9-1vdf-27gt

vulnerability_id VCID-3am9-1vdf-27gt

summary JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5375

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt

url VCID-442s-jgvp-gfav

vulnerability_id VCID-442s-jgvp-gfav

summary Use-after-free while manipulating XSL in XSLT documents

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5376

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav

url VCID-52sd-uf2t-wkam

vulnerability_id VCID-52sd-uf2t-wkam

summary Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5374

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52sd-uf2t-wkam

url VCID-5m57-7cch-v3ga

vulnerability_id VCID-5m57-7cch-v3ga

summary Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5373

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga

url VCID-7h8u-eu8y-1kha

vulnerability_id VCID-7h8u-eu8y-1kha

summary The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5393

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7h8u-eu8y-1kha

url VCID-bn6e-q2fz-7fba

vulnerability_id VCID-bn6e-q2fz-7fba

summary A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5396

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba

url VCID-d6tp-qmay-tbf6

vulnerability_id VCID-d6tp-qmay-tbf6

summary Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5391

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tp-qmay-tbf6

url VCID-fhdf-bwes-dkbc

vulnerability_id VCID-fhdf-bwes-dkbc

summary A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5377

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhdf-bwes-dkbc

url VCID-hhp4-mh9x-pkfc

vulnerability_id VCID-hhp4-mh9x-pkfc

summary The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5387

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhp4-mh9x-pkfc

url VCID-m7n2-1ppv-jfcm

vulnerability_id VCID-m7n2-1ppv-jfcm

summary Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5378

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm

url VCID-n9bg-836z-abb8

vulnerability_id VCID-n9bg-836z-abb8

summary The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5390

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8

url VCID-qp5g-hk6b-8qck

vulnerability_id VCID-qp5g-hk6b-8qck

summary Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5382

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qp5g-hk6b-8qck

url VCID-t84w-xvmd-sudf

vulnerability_id VCID-t84w-xvmd-sudf

summary WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5389

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t84w-xvmd-sudf

url VCID-urn6-j25v-pkdz

vulnerability_id VCID-urn6-j25v-pkdz

summary Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5385

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urn6-j25v-pkdz

url VCID-vz3w-t1uk-ubb7

vulnerability_id VCID-vz3w-t1uk-ubb7

summary Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5384

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vz3w-t1uk-ubb7

url VCID-w6s6-79aa-ubg4

vulnerability_id VCID-w6s6-79aa-ubg4

summary WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5386

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6s6-79aa-ubg4

url VCID-w7y8-j3y5-v3ex

vulnerability_id VCID-w7y8-j3y5-v3ex

summary Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5379

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7y8-j3y5-v3ex

url VCID-yk3y-5my9-auak

vulnerability_id VCID-yk3y-5my9-auak

summary A potential use-after-free found through fuzzing during DOM manipulation of SVG content.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5380

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak

url VCID-zd5k-c12h-c3ae

vulnerability_id VCID-zd5k-c12h-c3ae

summary The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

fixed_packages

url pkg:alpm/archlinux/firefox@51.0.1-1

purl pkg:alpm/archlinux/firefox@51.0.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-173r-g4tm-tbdk

vulnerability	VCID-1jrf-kzc8-87b8

vulnerability	VCID-41k8-gnnn-17hp

vulnerability	VCID-4gky-p4gv-u7cw

vulnerability	VCID-4ncv-bsfh-kufk

vulnerability	VCID-53n9-hyzh-yyaz

vulnerability	VCID-5ptb-5a8k-27ff

vulnerability	VCID-5vdw-pucj-83df

vulnerability	VCID-6rhu-j1hm-5yc5

vulnerability	VCID-7rvf-ac7d-6fa6

vulnerability	VCID-96xh-fdtu-5fh3

vulnerability	VCID-9ymk-b2sg-3bfh

vulnerability	VCID-d5gv-m4u7-3bfc

vulnerability	VCID-ddhr-r6rr-q7ah

vulnerability	VCID-e2vh-ny9f-vugv

vulnerability	VCID-ez33-vkty-bkcx

vulnerability	VCID-hdfp-hcar-hqdj

vulnerability	VCID-jc41-75ha-97c9

vulnerability	VCID-kxgc-ypqu-9fd9

vulnerability	VCID-m2ee-rr9r-u3ge

vulnerability	VCID-m4jq-6tmd-p7gh

vulnerability	VCID-nv26-s56m-vkdh

vulnerability	VCID-rmrk-stbr-tbf7

vulnerability	VCID-wx4s-73zs-cfap

vulnerability	VCID-xtbe-gv4p-23fn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1

aliases CVE-2017-5381

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd5k-c12h-c3ae

url VCID-zysf-gywg-qyga

vulnerability_id VCID-zysf-gywg-qyga

summary A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.

references

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url