| 0 |
| url |
VCID-11uz-v7pw-v7hw |
| vulnerability_id |
VCID-11uz-v7pw-v7hw |
| summary |
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5383
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw |
|
| 1 |
| url |
VCID-3am9-1vdf-27gt |
| vulnerability_id |
VCID-3am9-1vdf-27gt |
| summary |
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5375
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt |
|
| 2 |
| url |
VCID-442s-jgvp-gfav |
| vulnerability_id |
VCID-442s-jgvp-gfav |
| summary |
Use-after-free while manipulating XSL in XSLT documents |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5376
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav |
|
| 3 |
| url |
VCID-52sd-uf2t-wkam |
| vulnerability_id |
VCID-52sd-uf2t-wkam |
| summary |
Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5374
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-52sd-uf2t-wkam |
|
| 4 |
| url |
VCID-5m57-7cch-v3ga |
| vulnerability_id |
VCID-5m57-7cch-v3ga |
| summary |
Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5373
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga |
|
| 5 |
| url |
VCID-7h8u-eu8y-1kha |
| vulnerability_id |
VCID-7h8u-eu8y-1kha |
| summary |
The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5393
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7h8u-eu8y-1kha |
|
| 6 |
| url |
VCID-bn6e-q2fz-7fba |
| vulnerability_id |
VCID-bn6e-q2fz-7fba |
| summary |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5396
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba |
|
| 7 |
| url |
VCID-d6tp-qmay-tbf6 |
| vulnerability_id |
VCID-d6tp-qmay-tbf6 |
| summary |
Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5391
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tp-qmay-tbf6 |
|
| 8 |
| url |
VCID-fhdf-bwes-dkbc |
| vulnerability_id |
VCID-fhdf-bwes-dkbc |
| summary |
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5377
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fhdf-bwes-dkbc |
|
| 9 |
| url |
VCID-hhp4-mh9x-pkfc |
| vulnerability_id |
VCID-hhp4-mh9x-pkfc |
| summary |
The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5387
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hhp4-mh9x-pkfc |
|
| 10 |
| url |
VCID-m7n2-1ppv-jfcm |
| vulnerability_id |
VCID-m7n2-1ppv-jfcm |
| summary |
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5378
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm |
|
| 11 |
| url |
VCID-n9bg-836z-abb8 |
| vulnerability_id |
VCID-n9bg-836z-abb8 |
| summary |
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5390
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8 |
|
| 12 |
| url |
VCID-qp5g-hk6b-8qck |
| vulnerability_id |
VCID-qp5g-hk6b-8qck |
| summary |
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5382
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qp5g-hk6b-8qck |
|
| 13 |
| url |
VCID-t84w-xvmd-sudf |
| vulnerability_id |
VCID-t84w-xvmd-sudf |
| summary |
WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5389
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t84w-xvmd-sudf |
|
| 14 |
| url |
VCID-urn6-j25v-pkdz |
| vulnerability_id |
VCID-urn6-j25v-pkdz |
| summary |
Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5385
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-urn6-j25v-pkdz |
|
| 15 |
| url |
VCID-vz3w-t1uk-ubb7 |
| vulnerability_id |
VCID-vz3w-t1uk-ubb7 |
| summary |
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5384
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vz3w-t1uk-ubb7 |
|
| 16 |
| url |
VCID-w6s6-79aa-ubg4 |
| vulnerability_id |
VCID-w6s6-79aa-ubg4 |
| summary |
WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5386
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w6s6-79aa-ubg4 |
|
| 17 |
| url |
VCID-w7y8-j3y5-v3ex |
| vulnerability_id |
VCID-w7y8-j3y5-v3ex |
| summary |
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5379
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w7y8-j3y5-v3ex |
|
| 18 |
| url |
VCID-yk3y-5my9-auak |
| vulnerability_id |
VCID-yk3y-5my9-auak |
| summary |
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5380
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak |
|
| 19 |
| url |
VCID-zd5k-c12h-c3ae |
| vulnerability_id |
VCID-zd5k-c12h-c3ae |
| summary |
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5381
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zd5k-c12h-c3ae |
|
| 20 |
| url |
VCID-zysf-gywg-qyga |
| vulnerability_id |
VCID-zysf-gywg-qyga |
| summary |
A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| purl |
pkg:alpm/archlinux/firefox@51.0.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-173r-g4tm-tbdk |
|
| 1 |
| vulnerability |
VCID-1jrf-kzc8-87b8 |
|
| 2 |
| vulnerability |
VCID-41k8-gnnn-17hp |
|
| 3 |
| vulnerability |
VCID-4gky-p4gv-u7cw |
|
| 4 |
| vulnerability |
VCID-4ncv-bsfh-kufk |
|
| 5 |
| vulnerability |
VCID-53n9-hyzh-yyaz |
|
| 6 |
| vulnerability |
VCID-5ptb-5a8k-27ff |
|
| 7 |
| vulnerability |
VCID-5vdw-pucj-83df |
|
| 8 |
| vulnerability |
VCID-6rhu-j1hm-5yc5 |
|
| 9 |
| vulnerability |
VCID-7rvf-ac7d-6fa6 |
|
| 10 |
| vulnerability |
VCID-96xh-fdtu-5fh3 |
|
| 11 |
| vulnerability |
VCID-9ymk-b2sg-3bfh |
|
| 12 |
| vulnerability |
VCID-d5gv-m4u7-3bfc |
|
| 13 |
| vulnerability |
VCID-ddhr-r6rr-q7ah |
|
| 14 |
| vulnerability |
VCID-e2vh-ny9f-vugv |
|
| 15 |
| vulnerability |
VCID-ez33-vkty-bkcx |
|
| 16 |
| vulnerability |
VCID-hdfp-hcar-hqdj |
|
| 17 |
| vulnerability |
VCID-jc41-75ha-97c9 |
|
| 18 |
| vulnerability |
VCID-kxgc-ypqu-9fd9 |
|
| 19 |
| vulnerability |
VCID-m2ee-rr9r-u3ge |
|
| 20 |
| vulnerability |
VCID-m4jq-6tmd-p7gh |
|
| 21 |
| vulnerability |
VCID-nv26-s56m-vkdh |
|
| 22 |
| vulnerability |
VCID-rmrk-stbr-tbf7 |
|
| 23 |
| vulnerability |
VCID-wx4s-73zs-cfap |
|
| 24 |
| vulnerability |
VCID-xtbe-gv4p-23fn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1 |
|
|
| aliases |
CVE-2017-5388
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zysf-gywg-qyga |
|