Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/firefox@50.0-1

Type alpm

Namespace archlinux

Name firefox

Version 50.0-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 52.0-1

Latest_non_vulnerable_version 101.0-1

Affected_by_vulnerabilities

url VCID-fd7y-6r4r-87dz

vulnerability_id VCID-fd7y-6r4r-87dz

summary Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*

references

reference_url	https://security.archlinux.org/ASA-201612-1
reference_id	ASA-201612-1
reference_type
scores
url	https://security.archlinux.org/ASA-201612-1

reference_url

https://security.archlinux.org/AVG-90

reference_id

AVG-90

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-91

reference_id

mfsa2016-91

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-91

fixed_packages

url pkg:alpm/archlinux/firefox@50.0.2-1

purl pkg:alpm/archlinux/firefox@50.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gqm-2jym-m3g7

vulnerability	VCID-28u2-f3bg-jufy

vulnerability	VCID-2dx6-ehwy-xubu

vulnerability	VCID-4cyw-yxhd-77af

vulnerability	VCID-4eg8-dc82-fqd6

vulnerability	VCID-9kvv-4mne-37dt

vulnerability	VCID-bbze-6awa-ryeq

vulnerability	VCID-m1ve-ttqh-3ucn

vulnerability	VCID-t15g-6442-cufj

vulnerability	VCID-uh2v-m8c2-6fd6

vulnerability	VCID-vdup-4rw5-bke7

vulnerability	VCID-wbtg-ecpe-8bcy

vulnerability	VCID-zbxg-zh9z-n7gg

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

aliases CVE-2016-9078

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fd7y-6r4r-87dz

url VCID-k1rz-f92p-ducs

vulnerability_id VCID-k1rz-f92p-ducs

summary A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url	https://security.archlinux.org/ASA-201612-1
reference_id	ASA-201612-1
reference_type
scores
url	https://security.archlinux.org/ASA-201612-1

reference_url	https://security.archlinux.org/ASA-201612-2
reference_id	ASA-201612-2
reference_type
scores
url	https://security.archlinux.org/ASA-201612-2

reference_url

https://security.archlinux.org/AVG-90

reference_id

AVG-90

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-90

reference_url

https://security.archlinux.org/AVG-91

reference_id

AVG-91

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-91

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92

reference_id

mfsa2016-92

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92

fixed_packages

url pkg:alpm/archlinux/firefox@50.0.2-1

purl pkg:alpm/archlinux/firefox@50.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gqm-2jym-m3g7

vulnerability	VCID-28u2-f3bg-jufy

vulnerability	VCID-2dx6-ehwy-xubu

vulnerability	VCID-4cyw-yxhd-77af

vulnerability	VCID-4eg8-dc82-fqd6

vulnerability	VCID-9kvv-4mne-37dt

vulnerability	VCID-bbze-6awa-ryeq

vulnerability	VCID-m1ve-ttqh-3ucn

vulnerability	VCID-t15g-6442-cufj

vulnerability	VCID-uh2v-m8c2-6fd6

vulnerability	VCID-vdup-4rw5-bke7

vulnerability	VCID-wbtg-ecpe-8bcy

vulnerability	VCID-zbxg-zh9z-n7gg

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

aliases CVE-2016-9079

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs

Fixing_vulnerabilities

url VCID-1es7-pnwd-pfdw

vulnerability_id VCID-1es7-pnwd-pfdw

summary A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9066

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw

url VCID-41ax-gkjj-d7ec

vulnerability_id VCID-41ax-gkjj-d7ec

summary Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9067

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41ax-gkjj-d7ec

url VCID-4nfp-3yek-eqfw

vulnerability_id VCID-4nfp-3yek-eqfw

summary Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9071

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4nfp-3yek-eqfw

url VCID-6xqg-t9fu-2kfk

vulnerability_id VCID-6xqg-t9fu-2kfk

summary A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-5296

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk

url VCID-9aj3-pduq-93bw

vulnerability_id VCID-9aj3-pduq-93bw

summary Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9077

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9aj3-pduq-93bw

url VCID-9pxz-tehe-fff2

vulnerability_id VCID-9pxz-tehe-fff2

summary Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9064

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9pxz-tehe-fff2

url VCID-9tuh-j2va-53hy

vulnerability_id VCID-9tuh-j2va-53hy

summary A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-5291

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy

url VCID-cejq-ngz9-myf7

vulnerability_id VCID-cejq-ngz9-myf7

summary A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9068

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cejq-ngz9-myf7

url VCID-ea8u-5x5j-dkch

vulnerability_id VCID-ea8u-5x5j-dkch

summary An integer overflow during the parsing of XML using the Expat library.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9063

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8u-5x5j-dkch

url VCID-kkjv-tyxm-6ub7

vulnerability_id VCID-kkjv-tyxm-6ub7

summary Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-5290

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7

url VCID-p5hf-wuz3-d7er

vulnerability_id VCID-p5hf-wuz3-d7er

summary An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9075

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5hf-wuz3-d7er

url VCID-qxva-bj1v-3uf3

vulnerability_id VCID-qxva-bj1v-3uf3

summary During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-5292

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxva-bj1v-3uf3

url VCID-r153-j1t8-xucb

vulnerability_id VCID-r153-j1t8-xucb

summary Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-5289

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r153-j1t8-xucb

url VCID-tdn9-kq47-yfg3

vulnerability_id VCID-tdn9-kq47-yfg3

summary WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9073

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdn9-kq47-yfg3

url VCID-vhgu-g4te-7bff

vulnerability_id VCID-vhgu-g4te-7bff

summary An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-5297

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff

url VCID-vk8t-73y8-3qgr

vulnerability_id VCID-vk8t-73y8-3qgr

summary An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9076

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vk8t-73y8-3qgr

url VCID-zj8v-3yfk-83bb

vulnerability_id VCID-zj8v-3yfk-83bb

summary A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.

references

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fd7y-6r4r-87dz

vulnerability	VCID-k1rz-f92p-ducs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

aliases CVE-2016-9070

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8v-3yfk-83bb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

Package Instance