Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/371605?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "50.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "52.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50400?format=api", "vulnerability_id": "VCID-avw6-7aqv-hbaa", "summary": "Multiple vulnerabilities have been found in Mozilla SeaMonkey, the\n worst of which could lead to the remote execution of arbitrary code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99335", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99346", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99341", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.9934", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99337", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9079" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://www.exploit-db.com/exploits/41151/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.exploit-db.com/exploits/41151/" }, { "reference_url": "https://www.exploit-db.com/exploits/42327/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.exploit-db.com/exploits/42327/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/" }, { "reference_url": "http://www.securityfocus.com/bid/94591", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://www.securityfocus.com/bid/94591" }, { "reference_url": "http://www.securitytracker.com/id/1037370", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://www.securitytracker.com/id/1037370" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400376", "reference_id": "1400376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400376" }, { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/ASA-201612-2", "reference_id": "ASA-201612-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-2" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://security.archlinux.org/AVG-91", "reference_id": "AVG-91", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-91" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb", "reference_id": "CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb", "reference_id": "CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9079", "reference_id": "CVE-2016-9079", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9079" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html", "reference_id": "CVE-2017-5375;CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html" }, { "reference_url": "https://rh0dev.github.io/blog/2017/the-return-of-the-jit/", "reference_id": "CVE-2017-5375;CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://rh0dev.github.io/blog/2017/the-return-of-the-jit/" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://security.gentoo.org/glsa/201701-35", "reference_id": "GLSA-201701-35", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://security.gentoo.org/glsa/201701-35" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92", "reference_id": "mfsa2016-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2843", "reference_id": "RHSA-2016:2843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2850", "reference_id": "RHSA-2016:2850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2850" }, { "reference_url": "https://usn.ubuntu.com/3140-1/", "reference_id": "USN-3140-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3140-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371598?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tcx-3zn1-ykdq" }, { "vulnerability": "VCID-2ptm-gx1p-uyhf" }, { "vulnerability": "VCID-2xe3-59tz-zbc3" }, { "vulnerability": "VCID-4d2q-usge-77ft" }, { "vulnerability": "VCID-5dyh-s3yd-vqes" }, { "vulnerability": "VCID-9fsb-vzuc-efc5" }, { "vulnerability": "VCID-fgnu-kh7z-xuau" }, { "vulnerability": "VCID-gqhc-h5p7-dyh1" }, { "vulnerability": "VCID-m5pb-75ag-tfep" }, { "vulnerability": "VCID-pbrt-gcqj-kycv" }, { "vulnerability": "VCID-qu91-vc1p-dyb1" }, { "vulnerability": "VCID-wffz-7y83-qkbm" }, { "vulnerability": "VCID-ysg5-wc3n-fbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1" } ], "aliases": [ "CVE-2016-9079" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avw6-7aqv-hbaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62658?format=api", "vulnerability_id": "VCID-fmub-ph5x-pbdu", "summary": "Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9078", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78669", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78719", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78748", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78706", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78688", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78714", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01176", "scoring_system": "epss", "scoring_elements": "0.78721", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9078" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317641" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-91/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-91/" }, { "reference_url": "http://www.securityfocus.com/bid/94569", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94569" }, { "reference_url": "http://www.securitytracker.com/id/1037353", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037353" }, { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9078", "reference_id": "CVE-2016-9078", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9078" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91", "reference_id": "mfsa2016-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91" }, { "reference_url": "https://usn.ubuntu.com/3140-1/", "reference_id": "USN-3140-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3140-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371598?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tcx-3zn1-ykdq" }, { "vulnerability": "VCID-2ptm-gx1p-uyhf" }, { "vulnerability": "VCID-2xe3-59tz-zbc3" }, { "vulnerability": "VCID-4d2q-usge-77ft" }, { "vulnerability": "VCID-5dyh-s3yd-vqes" }, { "vulnerability": "VCID-9fsb-vzuc-efc5" }, { "vulnerability": "VCID-fgnu-kh7z-xuau" }, { "vulnerability": "VCID-gqhc-h5p7-dyh1" }, { "vulnerability": "VCID-m5pb-75ag-tfep" }, { "vulnerability": "VCID-pbrt-gcqj-kycv" }, { "vulnerability": "VCID-qu91-vc1p-dyb1" }, { "vulnerability": "VCID-wffz-7y83-qkbm" }, { "vulnerability": "VCID-ysg5-wc3n-fbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1" } ], "aliases": [ "CVE-2016-9078" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmub-ph5x-pbdu" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56746?format=api", "vulnerability_id": "VCID-3dea-vjmc-b7eb", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox and\n Thunderbird the worst of which could lead to the execution of arbitrary\n code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.829", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82846", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82853", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.8286", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82899", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82898", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82795", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82812", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82825", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.82821", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5297" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-90/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-93/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-93/" }, { "reference_url": "http://www.securityfocus.com/bid/94336", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94336" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395058", "reference_id": "1395058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395058" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5297", "reference_id": "CVE-2016-5297", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5297" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5297" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dea-vjmc-b7eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62659?format=api", "vulnerability_id": "VCID-47dr-szw4-ryfr", "summary": "During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.74956", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.75032", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.75031", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.7501", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.74999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.75035", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.75043", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.74959", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.74988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.74963", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.74997", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00858", "scoring_system": "epss", "scoring_elements": "0.75009", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5292" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288482" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395057", "reference_id": "1395057", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395057" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5292", "reference_id": "CVE-2016-5292", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5292" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5292" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47dr-szw4-ryfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56742?format=api", "vulnerability_id": "VCID-545u-wnrj-z3dh", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox and\n Thunderbird the worst of which could lead to the execution of arbitrary\n code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10951", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10918", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10895", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1076", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10773", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10797", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10822", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5291" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-90/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-93/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-93/" }, { "reference_url": "http://www.securityfocus.com/bid/94336", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94336" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395065", "reference_id": "1395065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395065" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5291", "reference_id": "CVE-2016-5291", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5291" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5291" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-545u-wnrj-z3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62664?format=api", "vulnerability_id": "VCID-6cde-35h4-vqaj", "summary": "An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85417", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85515", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85495", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.8549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85518", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85429", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85449", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85472", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02551", "scoring_system": "epss", "scoring_elements": "0.85481", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9075" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1295324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1295324" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395101", "reference_id": "1395101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395101" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9075", "reference_id": "CVE-2016-9075", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9075" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9075" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cde-35h4-vqaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62674?format=api", "vulnerability_id": "VCID-6pk2-g77j-h3b2", "summary": "An integer overflow during the parsing of XML using the Expat library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85165", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85136", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85166", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85167", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85086", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02427", "scoring_system": "epss", "scoring_elements": "0.85104", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9063" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3898" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "http://www.securitytracker.com/id/1039427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039427" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396540", "reference_id": "1396540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396540" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/ASA-201706-32", "reference_id": "ASA-201706-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-32" }, { "reference_url": "https://security.archlinux.org/ASA-201707-27", "reference_id": "ASA-201707-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-27" }, { "reference_url": "https://security.archlinux.org/AVG-305", "reference_id": "AVG-305", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-305" }, { "reference_url": "https://security.archlinux.org/AVG-306", "reference_id": "AVG-306", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-306" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9063", "reference_id": "CVE-2016-9063", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9063" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9063" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pk2-g77j-h3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62671?format=api", "vulnerability_id": "VCID-9gcq-8grt-vfhc", "summary": "A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71762", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71765", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71748", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71731", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.7178", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71717", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71741", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9070" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1281071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1281071" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396549", "reference_id": "1396549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396549" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9070", "reference_id": "CVE-2016-9070", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9070" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9070" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gcq-8grt-vfhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62665?format=api", "vulnerability_id": "VCID-f8wd-xgwu-8kgm", "summary": "Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38292", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38295", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38393", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38331", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38379", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38358", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.3843", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38454", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38318", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38368", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38376", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9077" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1298552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1298552" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395099", "reference_id": "1395099", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395099" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9077", "reference_id": "CVE-2016-9077", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9077" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9077" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8wd-xgwu-8kgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62662?format=api", "vulnerability_id": "VCID-jvy8-w1m2-ayaw", "summary": "A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82321", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82431", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82375", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82382", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82397", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82392", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82426", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82335", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82348", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9068" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1302973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1302973" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396542", "reference_id": "1396542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396542" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9068", "reference_id": "CVE-2016-9068", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9068" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9068" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvy8-w1m2-ayaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62675?format=api", "vulnerability_id": "VCID-mdpv-kcbb-9ubj", "summary": "Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49279", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49261", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49313", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4931", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49239", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49267", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49219", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49273", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49269", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9071" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1285003" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395100", "reference_id": "1395100", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395100" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9071", "reference_id": "CVE-2016-9071", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9071" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9071" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdpv-kcbb-9ubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62661?format=api", "vulnerability_id": "VCID-pybp-xzy7-q3a8", "summary": "Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80097", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80175", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80147", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80166", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.8015", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80142", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80172", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80124", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80112", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.8014", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9067" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301777" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396539", "reference_id": "1396539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396539" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9067", "reference_id": "CVE-2016-9067", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9067" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9067" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pybp-xzy7-q3a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56741?format=api", "vulnerability_id": "VCID-qptm-f15t-57gj", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox and\n Thunderbird the worst of which could lead to the execution of arbitrary\n code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2825.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2825.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83103", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83127", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83121", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83154", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83155", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83051", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83081", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83079", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5290" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-90/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-93/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-93/" }, { "reference_url": "http://www.securityfocus.com/bid/94335", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94335" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395066", "reference_id": "1395066", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395066" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5290", "reference_id": "CVE-2016-5290", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5290" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2825", "reference_id": "RHSA-2016:2825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2825" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5290" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qptm-f15t-57gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62676?format=api", "vulnerability_id": "VCID-rz6b-kepf-cfg9", "summary": "Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82765", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82871", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82834", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.8283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82869", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01811", "scoring_system": "epss", "scoring_elements": "0.82816", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5289" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395098", "reference_id": "1395098", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395098" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5289", "reference_id": "CVE-2016-5289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5289" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5289" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6b-kepf-cfg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56747?format=api", "vulnerability_id": "VCID-swmb-24y4-1kau", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox and\n Thunderbird the worst of which could lead to the execution of arbitrary\n code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50819", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50792", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50835", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50811", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50796", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50834", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5084", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50704", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50739", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50795", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9064" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1303418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-90/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" }, { "reference_url": "http://www.securityfocus.com/bid/94336", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94336" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395060", "reference_id": "1395060", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395060" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9064", "reference_id": "CVE-2016-9064", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9064" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9064" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swmb-24y4-1kau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56748?format=api", "vulnerability_id": "VCID-tgya-wnfn-t7eb", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox and\n Thunderbird the worst of which could lead to the execution of arbitrary\n code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95593", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95571", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95578", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95592", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95544", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95553", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95558", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95561", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9066" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1299686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1299686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-90/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-93/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-93/" }, { "reference_url": "http://www.securityfocus.com/bid/94336", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94336" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395061", "reference_id": "1395061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395061" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9066", "reference_id": "CVE-2016-9066", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9066" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9066" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgya-wnfn-t7eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62672?format=api", "vulnerability_id": "VCID-v28j-cvrw-p3c7", "summary": "WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.7412", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74174", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74205", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74214", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74125", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.74156", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00807", "scoring_system": "epss", "scoring_elements": "0.7417", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9073" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289273" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396545", "reference_id": "1396545", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396545" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9073", "reference_id": "CVE-2016-9073", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9073" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v28j-cvrw-p3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56745?format=api", "vulnerability_id": "VCID-yegk-sgdn-z3ae", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox and\n Thunderbird the worst of which could lead to the execution of arbitrary\n code.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2780.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85565", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85522", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85545", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85544", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.8554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85563", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85569", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85481", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85498", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85502", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5296" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-90/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-93/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-93/" }, { "reference_url": "http://www.securityfocus.com/bid/94339", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94339" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395055", "reference_id": "1395055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395055" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5296", "reference_id": "CVE-2016-5296", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5296" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-5296" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yegk-sgdn-z3ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62673?format=api", "vulnerability_id": "VCID-yy4z-p3f1-qbbc", "summary": "An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67067", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67167", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67183", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67172", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67186", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67127", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67102", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00528", "scoring_system": "epss", "scoring_elements": "0.67164", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9076" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1276976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1276976" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "reference_url": "http://www.securityfocus.com/bid/94337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94337" }, { "reference_url": "http://www.securitytracker.com/id/1037298", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396537", "reference_id": "1396537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396537" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9076", "reference_id": "CVE-2016-9076", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9076" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371605?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avw6-7aqv-hbaa" }, { "vulnerability": "VCID-fmub-ph5x-pbdu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "aliases": [ "CVE-2016-9076" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy4z-p3f1-qbbc" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" }