Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1921?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1921?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0.2-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "50.0.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "52.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/225?format=api", "vulnerability_id": "VCID-1gqm-2jym-m3g7", "summary": "The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. *Note: this issue does not affect users with e10s enabled.*", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9902" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqm-2jym-m3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219?format=api", "vulnerability_id": "VCID-28u2-f3bg-jufy", "summary": "Use-after-free while manipulating the navigator object within WebVR. 
*Note: WebVR is not currently enabled by default.*", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9896" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28u2-f3bg-jufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217?format=api", "vulnerability_id": "VCID-2dx6-ehwy-xubu", "summary": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { 
"vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9899" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218?format=api", "vulnerability_id": "VCID-4cyw-yxhd-77af", "summary": "Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", 
"reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9895" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/228?format=api", "vulnerability_id": "VCID-4eg8-dc82-fqd6", "summary": "Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { 
"vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9893" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/226?format=api", "vulnerability_id": "VCID-9kvv-4mne-37dt", "summary": "Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. 
If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": 
"VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9903" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvv-4mne-37dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/227?format=api", "vulnerability_id": "VCID-bbze-6awa-ryeq", "summary": "Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { 
"vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9080" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbze-6awa-ryeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/222?format=api", "vulnerability_id": "VCID-m1ve-ttqh-3ucn", "summary": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. 
This could allow for cross-domain data leakage.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": 
"https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { 
"vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9900" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/216?format=api", "vulnerability_id": "VCID-t15g-6442-cufj", "summary": "A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": 
"VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9894" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t15g-6442-cufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/224?format=api", "vulnerability_id": "VCID-uh2v-m8c2-6fd6", "summary": "HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9901" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh2v-m8c2-6fd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/221?format=api", "vulnerability_id": "VCID-vdup-4rw5-bke7", "summary": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { 
"vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9898" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220?format=api", "vulnerability_id": "VCID-wbtg-ecpe-8bcy", "summary": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9897" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223?format=api", "vulnerability_id": "VCID-zbxg-zh9z-n7gg", "summary": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific 
contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": 
"https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1914?format=api", "purl": "pkg:alpm/archlinux/firefox@50.1.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-52sd-uf2t-wkam" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-7h8u-eu8y-1kha" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-d6tp-qmay-tbf6" }, { "vulnerability": "VCID-fhdf-bwes-dkbc" }, { "vulnerability": "VCID-hhp4-mh9x-pkfc" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": 
"VCID-qp5g-hk6b-8qck" }, { "vulnerability": "VCID-t84w-xvmd-sudf" }, { "vulnerability": "VCID-urn6-j25v-pkdz" }, { "vulnerability": "VCID-vz3w-t1uk-ubb7" }, { "vulnerability": "VCID-w6s6-79aa-ubg4" }, { "vulnerability": "VCID-w7y8-j3y5-v3ex" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-zd5k-c12h-c3ae" }, { "vulnerability": "VCID-zysf-gywg-qyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1" } ], "aliases": [ "CVE-2016-9904" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/248?format=api", "vulnerability_id": "VCID-fd7y-6r4r-87dz", "summary": "Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. 
*Note: This issue only affects Firefox 49 and 50.*", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91", "reference_id": "mfsa2016-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1921?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqm-2jym-m3g7" }, { "vulnerability": "VCID-28u2-f3bg-jufy" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-9kvv-4mne-37dt" }, { "vulnerability": "VCID-bbze-6awa-ryeq" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-t15g-6442-cufj" }, { "vulnerability": "VCID-uh2v-m8c2-6fd6" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1" } ], "aliases": [ "CVE-2016-9078" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fd7y-6r4r-87dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250?format=api", "vulnerability_id": 
"VCID-k1rz-f92p-ducs", "summary": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/ASA-201612-2", 
"reference_id": "ASA-201612-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-2" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://security.archlinux.org/AVG-91", "reference_id": "AVG-91", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-91" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92", "reference_id": "mfsa2016-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1921?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqm-2jym-m3g7" }, { "vulnerability": "VCID-28u2-f3bg-jufy" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-9kvv-4mne-37dt" }, { "vulnerability": "VCID-bbze-6awa-ryeq" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-t15g-6442-cufj" }, { "vulnerability": "VCID-uh2v-m8c2-6fd6" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1" } ], "aliases": [ "CVE-2016-9079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1" }