Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1900?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "51.0.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "52.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/526?format=api", "vulnerability_id": "VCID-173r-g4tm-tbdk", "summary": "An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5415" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-173r-g4tm-tbdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/532?format=api", "vulnerability_id": "VCID-1jrf-kzc8-87b8", "summary": "An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5418" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jrf-kzc8-87b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/525?format=api", "vulnerability_id": "VCID-41k8-gnnn-17hp", "summary": "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5414" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41k8-gnnn-17hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/522?format=api", "vulnerability_id": "VCID-4gky-p4gv-u7cw", "summary": "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gky-p4gv-u7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/519?format=api", "vulnerability_id": "VCID-4ncv-bsfh-kufk", "summary": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5410" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncv-bsfh-kufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/539?format=api", "vulnerability_id": "VCID-53n9-hyzh-yyaz", "summary": "Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5398" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53n9-hyzh-yyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/537?format=api", "vulnerability_id": "VCID-5ptb-5a8k-27ff", "summary": "If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5422" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ptb-5a8k-27ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/515?format=api", "vulnerability_id": "VCID-5vdw-pucj-83df", "summary": "When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5403" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vdw-pucj-83df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/531?format=api", "vulnerability_id": "VCID-6rhu-j1hm-5yc5", "summary": "A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5427" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6rhu-j1hm-5yc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/533?format=api", "vulnerability_id": "VCID-7rvf-ac7d-6fa6", "summary": "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5419" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rvf-ac7d-6fa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/530?format=api", "vulnerability_id": "VCID-96xh-fdtu-5fh3", "summary": "On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. *Note: this issue only affects Linux. Other operating systems are not affected.*", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5426" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96xh-fdtu-5fh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/517?format=api", "vulnerability_id": "VCID-9ymk-b2sg-3bfh", "summary": "A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ymk-b2sg-3bfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/512?format=api", "vulnerability_id": "VCID-d5gv-m4u7-3bfc", "summary": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gv-m4u7-3bfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/538?format=api", "vulnerability_id": "VCID-ddhr-r6rr-q7ah", "summary": "Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and André Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddhr-r6rr-q7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/534?format=api", "vulnerability_id": "VCID-e2vh-ny9f-vugv", "summary": "A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5420" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2vh-ny9f-vugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/523?format=api", "vulnerability_id": "VCID-ez33-vkty-bkcx", "summary": "A buffer overflow read during SVG filter color value operations, resulting in data exposure.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5412" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ez33-vkty-bkcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/536?format=api", "vulnerability_id": "VCID-hdfp-hcar-hqdj", "summary": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5421" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdfp-hcar-hqdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/513?format=api", "vulnerability_id": "VCID-jc41-75ha-97c9", "summary": "A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5401" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-75ha-97c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/527?format=api", "vulnerability_id": "VCID-kxgc-ypqu-9fd9", "summary": "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5416" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxgc-ypqu-9fd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/535?format=api", "vulnerability_id": "VCID-m2ee-rr9r-u3ge", "summary": "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5405" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ee-rr9r-u3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/528?format=api", "vulnerability_id": "VCID-m4jq-6tmd-p7gh", "summary": "When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5417" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4jq-6tmd-p7gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/518?format=api", "vulnerability_id": "VCID-nv26-s56m-vkdh", "summary": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5407" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv26-s56m-vkdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/524?format=api", "vulnerability_id": "VCID-rmrk-stbr-tbf7", "summary": "A segmentation fault can occur during some bidirectional layout operations.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5413" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmrk-stbr-tbf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/514?format=api", "vulnerability_id": "VCID-wx4s-73zs-cfap", "summary": "A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5402" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wx4s-73zs-cfap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/516?format=api", "vulnerability_id": "VCID-xtbe-gv4p-23fn", "summary": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1901?format=api", "purl": "pkg:alpm/archlinux/firefox@52.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0-1" } ], "aliases": [ "CVE-2017-5404" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtbe-gv4p-23fn" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/546?format=api", "vulnerability_id": "VCID-11uz-v7pw-v7hw", "summary": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/540?format=api", "vulnerability_id": "VCID-3am9-1vdf-27gt", "summary": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/541?format=api", "vulnerability_id": "VCID-442s-jgvp-gfav", "summary": "Use-after-free while manipulating XSL in XSLT documents", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/689?format=api", "vulnerability_id": "VCID-52sd-uf2t-wkam", "summary": "Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52sd-uf2t-wkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/547?format=api", "vulnerability_id": "VCID-5m57-7cch-v3ga", "summary": "Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/685?format=api", "vulnerability_id": "VCID-7h8u-eu8y-1kha", "summary": "The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5393" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7h8u-eu8y-1kha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/545?format=api", "vulnerability_id": "VCID-bn6e-q2fz-7fba", "summary": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5396" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/683?format=api", "vulnerability_id": "VCID-d6tp-qmay-tbf6", "summary": "Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5391" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tp-qmay-tbf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/675?format=api", "vulnerability_id": "VCID-fhdf-bwes-dkbc", "summary": "A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhdf-bwes-dkbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/687?format=api", "vulnerability_id": "VCID-hhp4-mh9x-pkfc", "summary": "The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5387" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhp4-mh9x-pkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/542?format=api", "vulnerability_id": "VCID-m7n2-1ppv-jfcm", "summary": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/544?format=api", "vulnerability_id": "VCID-n9bg-836z-abb8", "summary": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5390" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/679?format=api", "vulnerability_id": "VCID-qp5g-hk6b-8qck", "summary": "Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5382" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp5g-hk6b-8qck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/677?format=api", "vulnerability_id": "VCID-t84w-xvmd-sudf", "summary": "WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t84w-xvmd-sudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/681?format=api", "vulnerability_id": "VCID-urn6-j25v-pkdz", "summary": "Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urn6-j25v-pkdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/680?format=api", "vulnerability_id": "VCID-vz3w-t1uk-ubb7", "summary": "Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5384" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz3w-t1uk-ubb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/674?format=api", "vulnerability_id": "VCID-w6s6-79aa-ubg4", "summary": "WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5386" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6s6-79aa-ubg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/676?format=api", "vulnerability_id": "VCID-w7y8-j3y5-v3ex", "summary": "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5379" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7y8-j3y5-v3ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/543?format=api", "vulnerability_id": "VCID-yk3y-5my9-auak", "summary": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/678?format=api", "vulnerability_id": "VCID-zd5k-c12h-c3ae", "summary": "The \"export\" function in the Certificate Viewer can force local filesystem navigation when the \"common name\" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5381" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd5k-c12h-c3ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/688?format=api", "vulnerability_id": "VCID-zysf-gywg-qyga", "summary": "A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5388" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zysf-gywg-qyga" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" }