Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/firefox@50.0.2-1

Type alpm

Namespace archlinux

Name firefox

Version 50.0.2-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 52.0-1

Latest_non_vulnerable_version 101.0-1

Affected_by_vulnerabilities

url VCID-1tcx-3zn1-ykdq

vulnerability_id VCID-1tcx-3zn1-ykdq

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9904

reference_id

reference_type

scores

value	0.01192
scoring_system	epss
scoring_elements	0.78896
published_at	2026-04-24T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78848
published_at	2026-04-09T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78871
published_at	2026-04-11T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78854
published_at	2026-04-12T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78845
published_at	2026-04-13T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78873
published_at	2026-04-16T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.7887
published_at	2026-04-18T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78868
published_at	2026-04-21T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78797
published_at	2026-04-01T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78804
published_at	2026-04-02T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78833
published_at	2026-04-04T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78816
published_at	2026-04-07T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78841
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9904

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317936

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404091
reference_id	1404091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404091

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9904

reference_id

CVE-2016-9904

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9904

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9904

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tcx-3zn1-ykdq

url VCID-2ptm-gx1p-uyhf

vulnerability_id VCID-2ptm-gx1p-uyhf

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9897

reference_id

reference_type

scores

value	0.0395
scoring_system	epss
scoring_elements	0.88381
published_at	2026-04-24T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88344
published_at	2026-04-08T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88351
published_at	2026-04-09T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88361
published_at	2026-04-11T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88353
published_at	2026-04-13T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88368
published_at	2026-04-16T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88365
published_at	2026-04-18T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88364
published_at	2026-04-21T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88298
published_at	2026-04-01T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88306
published_at	2026-04-02T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.8832
published_at	2026-04-04T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88325
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9897

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1301381
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1301381

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404087
reference_id	1404087
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404087

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
reference_id	cpe:2.3:a:mozilla:firefox_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9897

reference_id

CVE-2016-9897

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9897

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9897

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ptm-gx1p-uyhf

url VCID-2xe3-59tz-zbc3

vulnerability_id VCID-2xe3-59tz-zbc3

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9901.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9901.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9901

reference_id

reference_type

scores

value	0.0203
scoring_system	epss
scoring_elements	0.83857
published_at	2026-04-24T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83792
published_at	2026-04-09T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83808
published_at	2026-04-11T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83801
published_at	2026-04-12T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83797
published_at	2026-04-13T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83831
published_at	2026-04-18T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83832
published_at	2026-04-21T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83731
published_at	2026-04-01T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83744
published_at	2026-04-02T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83759
published_at	2026-04-04T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83762
published_at	2026-04-07T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83786
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9901

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404358
reference_id	1404358
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404358

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9901

reference_id

CVE-2016-9901

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9901

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9901

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xe3-59tz-zbc3

url VCID-4d2q-usge-77ft

vulnerability_id VCID-4d2q-usge-77ft

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9898

reference_id

reference_type

scores

value	0.02604
scoring_system	epss
scoring_elements	0.85668
published_at	2026-04-24T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85616
published_at	2026-04-09T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85629
published_at	2026-04-11T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85626
published_at	2026-04-12T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85622
published_at	2026-04-13T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85645
published_at	2026-04-16T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.8565
published_at	2026-04-18T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85647
published_at	2026-04-21T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.8555
published_at	2026-04-01T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85562
published_at	2026-04-02T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.8558
published_at	2026-04-04T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85585
published_at	2026-04-07T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85605
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9898

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1314442
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1314442

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404089
reference_id	1404089
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404089

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9898

reference_id

CVE-2016-9898

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9898

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9898

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d2q-usge-77ft

url VCID-5dyh-s3yd-vqes

vulnerability_id VCID-5dyh-s3yd-vqes

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9895

reference_id

reference_type

scores

value	0.00709
scoring_system	epss
scoring_elements	0.72291
published_at	2026-04-24T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72213
published_at	2026-04-09T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72236
published_at	2026-04-11T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.7222
published_at	2026-04-12T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72206
published_at	2026-04-13T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72249
published_at	2026-04-16T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72259
published_at	2026-04-18T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72246
published_at	2026-04-21T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72161
published_at	2026-04-01T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72166
published_at	2026-04-02T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72186
published_at	2026-04-04T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72164
published_at	2026-04-07T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72201
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9895

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1312272
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1312272

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404086
reference_id	1404086
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404086

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9895

reference_id

CVE-2016-9895

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9895

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9895

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5dyh-s3yd-vqes

url VCID-9fsb-vzuc-efc5

vulnerability_id VCID-9fsb-vzuc-efc5

summary A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9894

reference_id

reference_type

scores

value	0.01889
scoring_system	epss
scoring_elements	0.83243
published_at	2026-04-24T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83114
published_at	2026-04-01T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83185
published_at	2026-04-12T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83181
published_at	2026-04-13T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83217
published_at	2026-04-16T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83218
published_at	2026-04-18T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83221
published_at	2026-04-21T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83131
published_at	2026-04-02T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83144
published_at	2026-04-04T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83142
published_at	2026-04-07T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83167
published_at	2026-04-08T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83175
published_at	2026-04-09T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83191
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9894

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1306628
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1306628

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9894

reference_id

CVE-2016-9894

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9894

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9894

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fsb-vzuc-efc5

url VCID-fgnu-kh7z-xuau

vulnerability_id VCID-fgnu-kh7z-xuau

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9902.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9902

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61399
published_at	2026-04-24T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61421
published_at	2026-04-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61406
published_at	2026-04-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61387
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61425
published_at	2026-04-16T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61429
published_at	2026-04-18T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61412
published_at	2026-04-21T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61259
published_at	2026-04-01T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61339
published_at	2026-04-02T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61368
published_at	2026-04-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61338
published_at	2026-04-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61384
published_at	2026-04-08T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.614
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9902

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320039
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404359
reference_id	1404359
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404359

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9902

reference_id

CVE-2016-9902

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9902

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9902

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fgnu-kh7z-xuau

url VCID-gqhc-h5p7-dyh1

vulnerability_id VCID-gqhc-h5p7-dyh1

summary Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9903

reference_id

reference_type

scores

value	0.0071
scoring_system	epss
scoring_elements	0.72296
published_at	2026-04-24T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72165
published_at	2026-04-01T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72225
published_at	2026-04-12T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72211
published_at	2026-04-13T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72254
published_at	2026-04-16T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72264
published_at	2026-04-18T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.7225
published_at	2026-04-21T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72171
published_at	2026-04-02T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72191
published_at	2026-04-04T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72169
published_at	2026-04-07T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72206
published_at	2026-04-08T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72218
published_at	2026-04-09T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72241
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9903

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315435
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	0
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:M/C:N/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9903

reference_id

CVE-2016-9903

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9903

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9903

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqhc-h5p7-dyh1

url VCID-m5pb-75ag-tfep

vulnerability_id VCID-m5pb-75ag-tfep

summary Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.*

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9896

reference_id

reference_type

scores

value	0.01539
scoring_system	epss
scoring_elements	0.81422
published_at	2026-04-24T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81299
published_at	2026-04-01T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81384
published_at	2026-04-11T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81369
published_at	2026-04-12T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81361
published_at	2026-04-13T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81399
published_at	2026-04-16T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.814
published_at	2026-04-21T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81308
published_at	2026-04-02T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.8133
published_at	2026-04-04T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81329
published_at	2026-04-07T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81358
published_at	2026-04-08T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81363
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9896

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315543
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315543

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9896

reference_id

CVE-2016-9896

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9896

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9896

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5pb-75ag-tfep

url VCID-pbrt-gcqj-kycv

vulnerability_id VCID-pbrt-gcqj-kycv

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9900

reference_id

reference_type

scores

value	0.01011
scoring_system	epss
scoring_elements	0.77177
published_at	2026-04-24T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77107
published_at	2026-04-09T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77135
published_at	2026-04-11T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77114
published_at	2026-04-12T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77109
published_at	2026-04-13T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77149
published_at	2026-04-16T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77151
published_at	2026-04-18T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77142
published_at	2026-04-21T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77049
published_at	2026-04-01T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77055
published_at	2026-04-02T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77083
published_at	2026-04-04T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77065
published_at	2026-04-07T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77097
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9900

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319122
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404090
reference_id	1404090
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404090

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9900

reference_id

CVE-2016-9900

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9900

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9900

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbrt-gcqj-kycv

url VCID-qu91-vc1p-dyb1

vulnerability_id VCID-qu91-vc1p-dyb1

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9899

reference_id

reference_type

scores

value	0.36421
scoring_system	epss
scoring_elements	0.97134
published_at	2026-04-24T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97102
published_at	2026-04-07T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97112
published_at	2026-04-09T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97116
published_at	2026-04-11T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97117
published_at	2026-04-12T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97118
published_at	2026-04-13T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97126
published_at	2026-04-16T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97129
published_at	2026-04-18T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97089
published_at	2026-04-01T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97096
published_at	2026-04-02T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97101
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9899

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317409
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317409

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.exploit-db.com/exploits/41042/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/41042/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404083
reference_id	1404083
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404083

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html
reference_id	CVE-2016-9899
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9899

reference_id

CVE-2016-9899

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9899

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9899

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qu91-vc1p-dyb1

url VCID-wffz-7y83-qkbm

vulnerability_id VCID-wffz-7y83-qkbm

summary Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9080

reference_id

reference_type

scores

value	0.01847
scoring_system	epss
scoring_elements	0.83047
published_at	2026-04-24T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82917
published_at	2026-04-01T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82991
published_at	2026-04-11T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82985
published_at	2026-04-12T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82981
published_at	2026-04-13T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.8302
published_at	2026-04-18T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.83024
published_at	2026-04-21T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82934
published_at	2026-04-02T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82946
published_at	2026-04-04T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82943
published_at	2026-04-07T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82968
published_at	2026-04-08T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82975
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9080

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1289701%2C1314401%2C1315848
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1289701%2C1314401%2C1315848

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9080

reference_id

CVE-2016-9080

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9080

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9080

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wffz-7y83-qkbm

url VCID-ysg5-wc3n-fbgw

vulnerability_id VCID-ysg5-wc3n-fbgw

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9893

reference_id

reference_type

scores

value	0.02683
scoring_system	epss
scoring_elements	0.85887
published_at	2026-04-24T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85842
published_at	2026-04-09T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85856
published_at	2026-04-11T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85853
published_at	2026-04-12T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85849
published_at	2026-04-13T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85868
published_at	2026-04-16T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85873
published_at	2026-04-18T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85866
published_at	2026-04-21T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85776
published_at	2026-04-01T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85789
published_at	2026-04-02T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85807
published_at	2026-04-04T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85813
published_at	2026-04-07T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85831
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9893

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404096
reference_id	1404096
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404096

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9893

reference_id

CVE-2016-9893

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9893

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4z19-eyh7-9yf4

vulnerability	VCID-5n3q-eby7-67de

vulnerability	VCID-84kk-wfxx-t3c8

vulnerability	VCID-af6b-4jqc-fugx

vulnerability	VCID-ahzr-nr7g-5ue2

vulnerability	VCID-bjyq-1zfk-eugq

vulnerability	VCID-c8p3-ef58-wudt

vulnerability	VCID-dv2d-9a59-xkaq

vulnerability	VCID-e2ww-ngam-cugq

vulnerability	VCID-gcen-3yba-a3ht

vulnerability	VCID-hhtb-ha1v-tffj

vulnerability	VCID-htpg-t39z-nbex

vulnerability	VCID-hyhc-qud7-6uax

vulnerability	VCID-m59v-ygc2-qucg

vulnerability	VCID-qjs9-h3tt-qucf

vulnerability	VCID-r34s-64j2-dfff

vulnerability	VCID-r7te-y4n3-1uhj

vulnerability	VCID-tjjd-y1pq-ckf4

vulnerability	VCID-u1nc-fgsw-mkhc

vulnerability	VCID-vnuz-wp96-pqgt

vulnerability	VCID-vtwg-jhr9-nydc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

aliases CVE-2016-9893

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysg5-wc3n-fbgw

Fixing_vulnerabilities

url VCID-avw6-7aqv-hbaa

vulnerability_id VCID-avw6-7aqv-hbaa

summary

Multiple vulnerabilities have been found in Mozilla SeaMonkey, the
    worst of which could lead to the remote execution of arbitrary code.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2843.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://rhn.redhat.com/errata/RHSA-2016-2843.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2850.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://rhn.redhat.com/errata/RHSA-2016-2850.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9079

reference_id

reference_type

scores

value	0.84813
scoring_system	epss
scoring_elements	0.99336
published_at	2026-04-02T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99335
published_at	2026-04-01T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99348
published_at	2026-04-24T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99346
published_at	2026-04-21T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99343
published_at	2026-04-13T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99341
published_at	2026-04-11T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.9934
published_at	2026-04-09T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99339
published_at	2026-04-07T12:55:00Z

value	0.84813
scoring_system	epss
scoring_elements	0.99337
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9079

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1321066

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1321066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079
reference_id
reference_type
scores
url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079

reference_url

https://www.debian.org/security/2016/dsa-3730

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.debian.org/security/2016/dsa-3730

reference_url

https://www.exploit-db.com/exploits/41151/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.exploit-db.com/exploits/41151/

reference_url

https://www.exploit-db.com/exploits/42327/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.exploit-db.com/exploits/42327/

reference_url

https://www.mozilla.org/security/advisories/mfsa2016-92/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.mozilla.org/security/advisories/mfsa2016-92/

reference_url

http://www.securityfocus.com/bid/94591

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://www.securityfocus.com/bid/94591

reference_url

http://www.securitytracker.com/id/1037370

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://www.securitytracker.com/id/1037370

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1400376
reference_id	1400376
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1400376

reference_url	https://security.archlinux.org/ASA-201612-1
reference_id	ASA-201612-1
reference_type
scores
url	https://security.archlinux.org/ASA-201612-1

reference_url	https://security.archlinux.org/ASA-201612-2
reference_id	ASA-201612-2
reference_type
scores
url	https://security.archlinux.org/ASA-201612-2

reference_url

https://security.archlinux.org/AVG-90

reference_id

AVG-90

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-90

reference_url

https://security.archlinux.org/AVG-91

reference_id

AVG-91

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-91

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*
reference_id	cpe:2.3:a:mozilla:firefox:::::-:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
reference_id	cpe:2.3:a:mozilla:firefox:::::esr:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:torproject:tor:-:::::::*
reference_id	cpe:2.3:a:torproject:tor:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:torproject:tor:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:::::::*
reference_id	cpe:2.3:o:microsoft:windows:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb
reference_id	CVE-2016-9079
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb
reference_id	CVE-2016-9079
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9079

reference_id

CVE-2016-9079

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9079

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html
reference_id	CVE-2017-5375;CVE-2016-9079
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html

reference_url	https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
reference_id	CVE-2017-5375;CVE-2016-9079
reference_type	exploit
scores
url	https://rh0dev.github.io/blog/2017/the-return-of-the-jit/

reference_url

https://security.gentoo.org/glsa/201701-15

reference_id

GLSA-201701-15

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://security.gentoo.org/glsa/201701-15

reference_url

https://security.gentoo.org/glsa/201701-35

reference_id

GLSA-201701-35

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://security.gentoo.org/glsa/201701-35

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92

reference_id

mfsa2016-92

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92

reference_url	https://access.redhat.com/errata/RHSA-2016:2843
reference_id	RHSA-2016:2843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2843

reference_url	https://access.redhat.com/errata/RHSA-2016:2850
reference_id	RHSA-2016:2850
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2850

reference_url	https://usn.ubuntu.com/3140-1/
reference_id	USN-3140-1
reference_type
scores
url	https://usn.ubuntu.com/3140-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.0.2-1

purl pkg:alpm/archlinux/firefox@50.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tcx-3zn1-ykdq

vulnerability	VCID-2ptm-gx1p-uyhf

vulnerability	VCID-2xe3-59tz-zbc3

vulnerability	VCID-4d2q-usge-77ft

vulnerability	VCID-5dyh-s3yd-vqes

vulnerability	VCID-9fsb-vzuc-efc5

vulnerability	VCID-fgnu-kh7z-xuau

vulnerability	VCID-gqhc-h5p7-dyh1

vulnerability	VCID-m5pb-75ag-tfep

vulnerability	VCID-pbrt-gcqj-kycv

vulnerability	VCID-qu91-vc1p-dyb1

vulnerability	VCID-wffz-7y83-qkbm

vulnerability	VCID-ysg5-wc3n-fbgw

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

aliases CVE-2016-9079

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avw6-7aqv-hbaa

url VCID-fmub-ph5x-pbdu

vulnerability_id VCID-fmub-ph5x-pbdu

summary Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9078

reference_id

reference_type

scores

value	0.01176
scoring_system	epss
scoring_elements	0.78771
published_at	2026-04-24T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78669
published_at	2026-04-01T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78727
published_at	2026-04-12T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78719
published_at	2026-04-13T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78748
published_at	2026-04-16T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78746
published_at	2026-04-18T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78742
published_at	2026-04-21T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78675
published_at	2026-04-02T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78706
published_at	2026-04-04T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78688
published_at	2026-04-07T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78714
published_at	2026-04-08T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78721
published_at	2026-04-09T12:55:00Z

value	0.01176
scoring_system	epss
scoring_elements	0.78745
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9078

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317641
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317641

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-91/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-91/

reference_url	http://www.securityfocus.com/bid/94569
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94569

reference_url	http://www.securitytracker.com/id/1037353
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037353

reference_url	https://security.archlinux.org/ASA-201612-1
reference_id	ASA-201612-1
reference_type
scores
url	https://security.archlinux.org/ASA-201612-1

reference_url

https://security.archlinux.org/AVG-90

reference_id

AVG-90

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-90

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:49.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:49.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:49.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:50.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:50.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:50.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9078

reference_id

CVE-2016-9078

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9078

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-91

reference_id

mfsa2016-91

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-91

reference_url	https://usn.ubuntu.com/3140-1/
reference_id	USN-3140-1
reference_type
scores
url	https://usn.ubuntu.com/3140-1/

fixed_packages

url pkg:alpm/archlinux/firefox@50.0.2-1

purl pkg:alpm/archlinux/firefox@50.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tcx-3zn1-ykdq

vulnerability	VCID-2ptm-gx1p-uyhf

vulnerability	VCID-2xe3-59tz-zbc3

vulnerability	VCID-4d2q-usge-77ft

vulnerability	VCID-5dyh-s3yd-vqes

vulnerability	VCID-9fsb-vzuc-efc5

vulnerability	VCID-fgnu-kh7z-xuau

vulnerability	VCID-gqhc-h5p7-dyh1

vulnerability	VCID-m5pb-75ag-tfep

vulnerability	VCID-pbrt-gcqj-kycv

vulnerability	VCID-qu91-vc1p-dyb1

vulnerability	VCID-wffz-7y83-qkbm

vulnerability	VCID-ysg5-wc3n-fbgw

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

aliases CVE-2016-9078

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmub-ph5x-pbdu

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

Package Instance