Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1936?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1936?format=api", "purl": "pkg:alpm/archlinux/firefox@49.0.2-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "49.0.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "52.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232?format=api", "vulnerability_id": "VCID-1es7-pnwd-pfdw", "summary": "A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9066" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/263?format=api", "vulnerability_id": "VCID-41ax-gkjj-d7ec", "summary": "Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41ax-gkjj-d7ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/277?format=api", "vulnerability_id": "VCID-4nfp-3yek-eqfw", "summary": "Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nfp-3yek-eqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/229?format=api", "vulnerability_id": "VCID-6xqg-t9fu-2kfk", "summary": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5296" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267?format=api", "vulnerability_id": "VCID-9aj3-pduq-93bw", "summary": "Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9077" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9aj3-pduq-93bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/261?format=api", "vulnerability_id": "VCID-9pxz-tehe-fff2", "summary": "Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9064" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9pxz-tehe-fff2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233?format=api", "vulnerability_id": "VCID-9tuh-j2va-53hy", "summary": "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/264?format=api", "vulnerability_id": "VCID-cejq-ngz9-myf7", "summary": "A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9068" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cejq-ngz9-myf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/276?format=api", "vulnerability_id": "VCID-ea8u-5x5j-dkch", "summary": "An integer overflow during the parsing of XML using the Expat library.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9063" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8u-5x5j-dkch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/235?format=api", "vulnerability_id": "VCID-kkjv-tyxm-6ub7", "summary": "Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5290" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266?format=api", "vulnerability_id": "VCID-p5hf-wuz3-d7er", "summary": "An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9075" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5hf-wuz3-d7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259?format=api", "vulnerability_id": "VCID-qxva-bj1v-3uf3", "summary": "During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5292" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxva-bj1v-3uf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278?format=api", "vulnerability_id": "VCID-r153-j1t8-xucb", "summary": "Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5289" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r153-j1t8-xucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/274?format=api", "vulnerability_id": "VCID-tdn9-kq47-yfg3", "summary": "WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9073" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdn9-kq47-yfg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231?format=api", "vulnerability_id": "VCID-vhgu-g4te-7bff", "summary": "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/275?format=api", "vulnerability_id": "VCID-vk8t-73y8-3qgr", "summary": "An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vk8t-73y8-3qgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273?format=api", "vulnerability_id": "VCID-zj8v-3yfk-83bb", "summary": "A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.", "references": [ { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9070" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8v-3yfk-83bb" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0.2-1" }