Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1914?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "50.1.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "52.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/546?format=api", "vulnerability_id": "VCID-11uz-v7pw-v7hw", "summary": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/540?format=api", "vulnerability_id": "VCID-3am9-1vdf-27gt", "summary": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/541?format=api", "vulnerability_id": "VCID-442s-jgvp-gfav", "summary": "Use-after-free while manipulating XSL in XSLT documents", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/689?format=api", "vulnerability_id": "VCID-52sd-uf2t-wkam", "summary": "Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52sd-uf2t-wkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/547?format=api", "vulnerability_id": "VCID-5m57-7cch-v3ga", "summary": "Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/685?format=api", "vulnerability_id": "VCID-7h8u-eu8y-1kha", "summary": "The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5393" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7h8u-eu8y-1kha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/545?format=api", "vulnerability_id": "VCID-bn6e-q2fz-7fba", "summary": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5396" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/683?format=api", "vulnerability_id": "VCID-d6tp-qmay-tbf6", "summary": "Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5391" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tp-qmay-tbf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/675?format=api", "vulnerability_id": "VCID-fhdf-bwes-dkbc", "summary": "A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhdf-bwes-dkbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/687?format=api", "vulnerability_id": "VCID-hhp4-mh9x-pkfc", "summary": "The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5387" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhp4-mh9x-pkfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/542?format=api", "vulnerability_id": "VCID-m7n2-1ppv-jfcm", "summary": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/544?format=api", "vulnerability_id": "VCID-n9bg-836z-abb8", "summary": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5390" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/679?format=api", "vulnerability_id": "VCID-qp5g-hk6b-8qck", "summary": "Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5382" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp5g-hk6b-8qck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/677?format=api", "vulnerability_id": "VCID-t84w-xvmd-sudf", "summary": "WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t84w-xvmd-sudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/681?format=api", "vulnerability_id": "VCID-urn6-j25v-pkdz", "summary": "Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urn6-j25v-pkdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/680?format=api", "vulnerability_id": "VCID-vz3w-t1uk-ubb7", "summary": "Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5384" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz3w-t1uk-ubb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/674?format=api", "vulnerability_id": "VCID-w6s6-79aa-ubg4", "summary": "WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5386" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6s6-79aa-ubg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/676?format=api", "vulnerability_id": "VCID-w7y8-j3y5-v3ex", "summary": "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5379" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7y8-j3y5-v3ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/543?format=api", "vulnerability_id": "VCID-yk3y-5my9-auak", "summary": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/678?format=api", "vulnerability_id": "VCID-zd5k-c12h-c3ae", "summary": "The \"export\" function in the Certificate Viewer can force local filesystem navigation when the \"common name\" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5381" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd5k-c12h-c3ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/688?format=api", "vulnerability_id": "VCID-zysf-gywg-qyga", "summary": "A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1900?format=api", "purl": "pkg:alpm/archlinux/firefox@51.0.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-173r-g4tm-tbdk" }, { "vulnerability": "VCID-1jrf-kzc8-87b8" }, { "vulnerability": "VCID-41k8-gnnn-17hp" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5ptb-5a8k-27ff" }, { "vulnerability": "VCID-5vdw-pucj-83df" }, { "vulnerability": "VCID-6rhu-j1hm-5yc5" }, { "vulnerability": "VCID-7rvf-ac7d-6fa6" }, { "vulnerability": "VCID-96xh-fdtu-5fh3" }, { "vulnerability": "VCID-9ymk-b2sg-3bfh" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddhr-r6rr-q7ah" }, { "vulnerability": "VCID-e2vh-ny9f-vugv" }, { "vulnerability": "VCID-ez33-vkty-bkcx" }, { "vulnerability": "VCID-hdfp-hcar-hqdj" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-kxgc-ypqu-9fd9" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m4jq-6tmd-p7gh" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-rmrk-stbr-tbf7" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1" } ], "aliases": [ "CVE-2017-5388" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zysf-gywg-qyga" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/225?format=api", "vulnerability_id": "VCID-1gqm-2jym-m3g7", "summary": "The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. *Note: this issue does not affect users with e10s enabled.*", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9902" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqm-2jym-m3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219?format=api", "vulnerability_id": "VCID-28u2-f3bg-jufy", "summary": "Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.*", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9896" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28u2-f3bg-jufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217?format=api", "vulnerability_id": "VCID-2dx6-ehwy-xubu", "summary": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9899" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218?format=api", "vulnerability_id": "VCID-4cyw-yxhd-77af", "summary": "Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9895" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/228?format=api", "vulnerability_id": "VCID-4eg8-dc82-fqd6", "summary": "Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9893" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/226?format=api", "vulnerability_id": "VCID-9kvv-4mne-37dt", "summary": "Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9903" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvv-4mne-37dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/227?format=api", "vulnerability_id": "VCID-bbze-6awa-ryeq", "summary": "Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9080" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbze-6awa-ryeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/222?format=api", "vulnerability_id": "VCID-m1ve-ttqh-3ucn", "summary": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9900" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216?format=api", "vulnerability_id": "VCID-t15g-6442-cufj", "summary": "A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9894" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t15g-6442-cufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224?format=api", "vulnerability_id": "VCID-uh2v-m8c2-6fd6", "summary": "HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9901" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh2v-m8c2-6fd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/221?format=api", "vulnerability_id": "VCID-vdup-4rw5-bke7", "summary": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9898" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220?format=api", "vulnerability_id": "VCID-wbtg-ecpe-8bcy", "summary": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9897" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223?format=api", "vulnerability_id": "VCID-zbxg-zh9z-n7gg", "summary": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9904" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" }