Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4047?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "type": "deb", "namespace": "debian", "name": "icedove", "version": "31.8.0-1~deb7u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:52.3.0-4~deb8u2", "latest_non_vulnerable_version": "1:52.3.0-4~deb8u2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/546?format=api", "vulnerability_id": "VCID-11uz-v7pw-v7hw", "summary": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3029?format=api", "vulnerability_id": "VCID-1322-2jgj-2kh2", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724", "reference_id": "CVE-2015-2724", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-59", "reference_id": "mfsa2015-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1322-2jgj-2kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=api", "vulnerability_id": "VCID-1bx2-4ka7-w3cr", "summary": "The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966", "reference_id": "CVE-2016-1966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31", "reference_id": "mfsa2016-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232?format=api", "vulnerability_id": "VCID-1es7-pnwd-pfdw", "summary": "A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9066" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/650?format=api", "vulnerability_id": "VCID-1j25-aujy-1fb3", "summary": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1j25-aujy-1fb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/653?format=api", "vulnerability_id": "VCID-1qr1-6zdx-fqd1", "summary": "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7757" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qr1-6zdx-fqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/602?format=api", "vulnerability_id": "VCID-21fd-3bm8-nuhg", "summary": "Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7787" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21fd-3bm8-nuhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217?format=api", "vulnerability_id": "VCID-2dx6-ehwy-xubu", "summary": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9899" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/646?format=api", "vulnerability_id": "VCID-2ep2-61mb-cbd3", "summary": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7749" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ep2-61mb-cbd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/647?format=api", "vulnerability_id": "VCID-2nfu-kf32-myag", "summary": "A use-after-free vulnerability during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7750" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nfu-kf32-myag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2913?format=api", "vulnerability_id": "VCID-35ek-28ks-vqdf", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734", "reference_id": "CVE-2015-2734", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2734" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35ek-28ks-vqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/540?format=api", "vulnerability_id": "VCID-3am9-1vdf-27gt", "summary": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/604?format=api", "vulnerability_id": "VCID-3qw2-tzj7-u3fa", "summary": "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7792" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qw2-tzj7-u3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=api", "vulnerability_id": "VCID-3uny-z4bs-9bfk", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791", "reference_id": "CVE-2016-2791", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2791" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/541?format=api", "vulnerability_id": "VCID-442s-jgvp-gfav", "summary": "Use-after-free while manipulating XSL in XSLT documents", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218?format=api", "vulnerability_id": "VCID-4cyw-yxhd-77af", "summary": "Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9895" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/228?format=api", "vulnerability_id": "VCID-4eg8-dc82-fqd6", "summary": "Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9893" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/522?format=api", "vulnerability_id": "VCID-4gky-p4gv-u7cw", "summary": "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gky-p4gv-u7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=api", "vulnerability_id": "VCID-4hgx-k5jn-ckeu", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977", "reference_id": "CVE-2016-1977", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1977" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/519?format=api", "vulnerability_id": "VCID-4ncv-bsfh-kufk", "summary": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5410" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncv-bsfh-kufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=api", "vulnerability_id": "VCID-4r11-gv5n-rbhb", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793", "reference_id": "CVE-2016-2793", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2793" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/539?format=api", "vulnerability_id": "VCID-53n9-hyzh-yyaz", "summary": "Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5398" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53n9-hyzh-yyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/595?format=api", "vulnerability_id": "VCID-5a6g-h3b1-vqfy", "summary": "A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7801" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a6g-h3b1-vqfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/547?format=api", "vulnerability_id": "VCID-5m57-7cch-v3ga", "summary": "Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2915?format=api", "vulnerability_id": "VCID-644p-f2nh-e7ah", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736", "reference_id": "CVE-2015-2736", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2736" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-644p-f2nh-e7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4541?format=api", "vulnerability_id": "VCID-6pr4-1zfj-9ydj", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7772" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pr4-1zfj-9ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2988?format=api", "vulnerability_id": "VCID-6q33-akyf-v7cw", "summary": "Mozilla developer Ehsan Akhgari reported a mechanism through which a\nweb worker could be used\nto bypass secure requirements for WebSockets when workers are used to create WebSockets.\nThis allows for the bypassing of mixed content WebSocket policy.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197", "reference_id": "CVE-2015-7197", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-132", "reference_id": "mfsa2015-132", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7197" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6q33-akyf-v7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/659?format=api", "vulnerability_id": "VCID-6s7e-79u3-h7ed", "summary": "Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, and Nils Ohlmeier reported memory safety bugs present in Firefox 53, Firefox ESR 52.1, and Thunderbird 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-5470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6s7e-79u3-h7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2928?format=api", "vulnerability_id": "VCID-6x8h-7v19-x7d2", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an integer overflow when\nwhen allocating textures of extremely larges sizes during graphics operations. This\nresults in a potentially exploitable crash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212", "reference_id": "CVE-2015-7212", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-139", "reference_id": "mfsa2015-139", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6x8h-7v19-x7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/229?format=api", "vulnerability_id": "VCID-6xqg-t9fu-2kfk", "summary": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5296" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/596?format=api", "vulnerability_id": "VCID-74ur-xkr1-a7er", "summary": "A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7809" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74ur-xkr1-a7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=api", "vulnerability_id": "VCID-7gkv-pu79-43hx", "summary": "Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\"This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000", "reference_id": "CVE-2015-4000", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-70", "reference_id": "mfsa2015-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-70" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4000" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=api", "vulnerability_id": "VCID-7hry-whqg-97gm", "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807", "reference_id": "CVE-2016-2807", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39", "reference_id": "mfsa2016-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2807" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=api", "vulnerability_id": "VCID-81zk-xrsj-cufe", "summary": "Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This\nissues exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575", "reference_id": "CVE-2015-7575", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-150", "reference_id": "mfsa2015-150", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-150" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7575" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=api", "vulnerability_id": "VCID-86p5-m5xh-wba9", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798", "reference_id": "CVE-2016-2798", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2798" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/597?format=api", "vulnerability_id": "VCID-883g-dbap-u7aw", "summary": "A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7784" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-883g-dbap-u7aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2919?format=api", "vulnerability_id": "VCID-89x5-7hfe-jbc7", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740", "reference_id": "CVE-2015-2740", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2740" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89x5-7hfe-jbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4537?format=api", "vulnerability_id": "VCID-8hfq-xxg6-tue8", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfq-xxg6-tue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=api", "vulnerability_id": "VCID-9hcm-h8uk-xygz", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802", "reference_id": "CVE-2016-2802", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2802" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233?format=api", "vulnerability_id": "VCID-9tuh-j2va-53hy", "summary": "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=api", "vulnerability_id": "VCID-9wc3-cjef-3ucq", "summary": "Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950", "reference_id": "CVE-2016-1950", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35", "reference_id": "mfsa2016-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1950" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=api", "vulnerability_id": "VCID-a5ee-c6f4-tufu", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790", "reference_id": "CVE-2016-2790", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2790" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3017?format=api", "vulnerability_id": "VCID-a5mh-mmhh-pfg6", "summary": "Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199", "reference_id": "CVE-2015-7199", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131", "reference_id": "mfsa2015-131", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7199" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5mh-mmhh-pfg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4542?format=api", "vulnerability_id": "VCID-abde-jm4w-5yde", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7771" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abde-jm4w-5yde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3023?format=api", "vulnerability_id": "VCID-ac68-q866-pugy", "summary": "Security researcher Gustavo Grieco reported a buffer underflow in\nlibjar triggered through a maliciously crafted ZIP format file. This results\nin a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194", "reference_id": "CVE-2015-7194", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-128", "reference_id": "mfsa2015-128", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7194" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ac68-q866-pugy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3016?format=api", "vulnerability_id": "VCID-agrg-fr7r-zyec", "summary": "Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198", "reference_id": "CVE-2015-7198", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131", "reference_id": "mfsa2015-131", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7198" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-agrg-fr7r-zyec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2916?format=api", "vulnerability_id": "VCID-are2-nwm2-ekfb", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737", "reference_id": "CVE-2015-2737", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2737" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-are2-nwm2-ekfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/601?format=api", "vulnerability_id": "VCID-azwt-6846-1kgm", "summary": "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7753" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azwt-6846-1kgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=api", "vulnerability_id": "VCID-b1zu-35mw-jkdg", "summary": "Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957", "reference_id": "CVE-2016-1957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20", "reference_id": "mfsa2016-20", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1957" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/545?format=api", "vulnerability_id": "VCID-bn6e-q2fz-7fba", "summary": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5396" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/645?format=api", "vulnerability_id": "VCID-bxpd-zacn-8bfv", "summary": "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-5472" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxpd-zacn-8bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2910?format=api", "vulnerability_id": "VCID-cjnx-d8j7-zqg3", "summary": "Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182", "reference_id": "CVE-2015-7182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-133", "reference_id": "mfsa2015-133", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjnx-d8j7-zqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=api", "vulnerability_id": "VCID-cr9v-b95v-eyha", "summary": "Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974", "reference_id": "CVE-2016-1974", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34", "reference_id": "mfsa2016-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1974" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3002?format=api", "vulnerability_id": "VCID-cvjs-nw3e-6be2", "summary": "Security researcher Shinto K Anto reported an issue with cross-origin\nresource sharing (CORS) \"preflight\" requests when receiving certain\nContent-Type headers. This is due to an error in implementation resulting in\ntrying to process multiple media types when they are returned in the\nContent-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a\n\"preflight\" request, leading to potential same-origin policy violation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193", "reference_id": "CVE-2015-7193", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-127", "reference_id": "mfsa2015-127", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-127" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7193" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvjs-nw3e-6be2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/512?format=api", "vulnerability_id": "VCID-d5gv-m4u7-3bfc", "summary": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gv-m4u7-3bfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2982?format=api", "vulnerability_id": "VCID-ddgc-sfjs-bkgg", "summary": "Security researcher Michał Bentkowski reported that adding white-space\ncharacters to hostnames that are IP addresses can bypass same-origin policy. This flaw was\ncaused by trailing whitespaces being evaluated differently when parsing IP addresses\ninstead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188", "reference_id": "CVE-2015-7188", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-122", "reference_id": "mfsa2015-122", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-122" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7188" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgc-sfjs-bkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=api", "vulnerability_id": "VCID-dhjd-31cm-1fh6", "summary": "Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960", "reference_id": "CVE-2016-1960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23", "reference_id": "mfsa2016-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1960" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=api", "vulnerability_id": "VCID-dxam-cewh-63dt", "summary": "Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954", "reference_id": "CVE-2016-1954", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17", "reference_id": "mfsa2016-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1954" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247?format=api", "vulnerability_id": "VCID-e35v-ppxg-tkd1", "summary": "Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257" }, { "reference_url": "https://security.archlinux.org/ASA-201609-22", "reference_id": "ASA-201609-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-22" }, { "reference_url": "https://security.archlinux.org/AVG-24", "reference_id": "AVG-24", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85", "reference_id": "mfsa2016-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86", "reference_id": "mfsa2016-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-88", "reference_id": "mfsa2016-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5257" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e35v-ppxg-tkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1866?format=api", "vulnerability_id": "VCID-ecjy-9yqg-d7g5", "summary": "Security researcher Holger Fuhrmannek reported that a malicious\nGraphite \"smart font\" could circumvent the validation of internal instruction parameters\nin the Graphite 2 library using special CNTXT_ITEM instructions. This could result in\narbitrary code execution.\n This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523", "reference_id": "CVE-2016-1523", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-14", "reference_id": "mfsa2016-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2016-1523" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecjy-9yqg-d7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1938?format=api", "vulnerability_id": "VCID-eefa-gdnq-8kb7", "summary": "Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836", "reference_id": "CVE-2016-2836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-62", "reference_id": "mfsa2016-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eefa-gdnq-8kb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=api", "vulnerability_id": "VCID-egv5-6c33-tfb9", "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805", "reference_id": "CVE-2016-2805", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39", "reference_id": "mfsa2016-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2805" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2914?format=api", "vulnerability_id": "VCID-ewxc-cgha-5ya6", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735", "reference_id": "CVE-2015-2735", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2735" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewxc-cgha-5ya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/598?format=api", "vulnerability_id": "VCID-f9cy-h7kt-zudr", "summary": "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7802" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9cy-h7kt-zudr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=api", "vulnerability_id": "VCID-fam8-n44k-2qh7", "summary": "Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979", "reference_id": "CVE-2016-1979", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36", "reference_id": "mfsa2016-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1979" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=api", "vulnerability_id": "VCID-ftnc-qwd9-jubp", "summary": "Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962", "reference_id": "CVE-2016-1962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25", "reference_id": "mfsa2016-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=api", "vulnerability_id": "VCID-fxjs-kgb3-6bb7", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794", "reference_id": "CVE-2016-2794", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2794" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/608?format=api", "vulnerability_id": "VCID-fznu-jdyc-47hv", "summary": "When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7803" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fznu-jdyc-47hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/600?format=api", "vulnerability_id": "VCID-gcyv-192g-3ygq", "summary": "A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7786" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyv-192g-3ygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2920?format=api", "vulnerability_id": "VCID-h99r-s2rd-dbf9", "summary": "Security researcher Ronald Crane reported a vulnerability found\nthrough code inspection. This issue is an integer overflow while processing an MP4 format\nvideo file when an a erroneously-small buffer is allocated and then overrun, resulting in\na potentially exploitable crash.\nThis issue only affects 64-bit versions with 32-bit versions being\nunaffected.In general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213", "reference_id": "CVE-2015-7213", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-146", "reference_id": "mfsa2015-146", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-146" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7213" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h99r-s2rd-dbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2976?format=api", "vulnerability_id": "VCID-hgqa-m8ub-f3dc", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473", "reference_id": "CVE-2015-4473", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-79", "reference_id": "mfsa2015-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4473" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgqa-m8ub-f3dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/513?format=api", "vulnerability_id": "VCID-jc41-75ha-97c9", "summary": "A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5401" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-75ha-97c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=api", "vulnerability_id": "VCID-jr76-2aht-uqb2", "summary": "Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961", "reference_id": "CVE-2016-1961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24", "reference_id": "mfsa2016-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=api", "vulnerability_id": "VCID-jubn-vjus-h3e8", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792", "reference_id": "CVE-2016-2792", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2792" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250?format=api", "vulnerability_id": "VCID-k1rz-f92p-ducs", "summary": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/ASA-201612-2", "reference_id": "ASA-201612-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-2" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://security.archlinux.org/AVG-91", "reference_id": "AVG-91", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-91" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92", "reference_id": "mfsa2016-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/609?format=api", "vulnerability_id": "VCID-k458-ek4h-4kht", "summary": "Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7779" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k458-ek4h-4kht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=api", "vulnerability_id": "VCID-kcpz-uwq4-skf4", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799", "reference_id": "CVE-2016-2799", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2799" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/235?format=api", "vulnerability_id": "VCID-kkjv-tyxm-6ub7", "summary": "Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5290" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2917?format=api", "vulnerability_id": "VCID-knkj-95et-a7bh", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738", "reference_id": "CVE-2015-2738", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2738" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knkj-95et-a7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=api", "vulnerability_id": "VCID-ksda-d24x-8bcf", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797", "reference_id": "CVE-2016-2797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/222?format=api", "vulnerability_id": "VCID-m1ve-ttqh-3ucn", "summary": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9900" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/535?format=api", "vulnerability_id": "VCID-m2ee-rr9r-u3ge", "summary": "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5405" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ee-rr9r-u3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2908?format=api", "vulnerability_id": "VCID-m6a6-yhfk-1ufh", "summary": "Security researcher Tsubasa Iinuma reported a mechanism to violate\nsame-origin policy to content using data: and view-source: URIs\nto confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214", "reference_id": "CVE-2015-7214", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-149", "reference_id": "mfsa2015-149", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-149" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7214" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6a6-yhfk-1ufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/542?format=api", "vulnerability_id": "VCID-m7n2-1ppv-jfcm", "summary": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/606?format=api", "vulnerability_id": "VCID-md7v-but8-7qdz", "summary": "On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7791" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-md7v-but8-7qdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2909?format=api", "vulnerability_id": "VCID-mq7v-8uvq-5yeq", "summary": "Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181", "reference_id": "CVE-2015-7181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-133", "reference_id": "mfsa2015-133", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mq7v-8uvq-5yeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=api", "vulnerability_id": "VCID-mxj9-cgmx-zkg9", "summary": "Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964", "reference_id": "CVE-2016-1964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27", "reference_id": "mfsa2016-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1964" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/544?format=api", "vulnerability_id": "VCID-n9bg-836z-abb8", "summary": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5390" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2924?format=api", "vulnerability_id": "VCID-njfh-euqq-hyek", "summary": "Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488", "reference_id": "CVE-2015-4488", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-90", "reference_id": "mfsa2015-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-90" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4488" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njfh-euqq-hyek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4536?format=api", "vulnerability_id": "VCID-njra-xv9f-ffck", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7777" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njra-xv9f-ffck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/518?format=api", "vulnerability_id": "VCID-nv26-s56m-vkdh", "summary": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5407" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv26-s56m-vkdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/594?format=api", "vulnerability_id": "VCID-p1ry-j666-3qhy", "summary": "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7800" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1ry-j666-3qhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4539?format=api", "vulnerability_id": "VCID-ppw9-56ha-2bhm", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppw9-56ha-2bhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2906?format=api", "vulnerability_id": "VCID-psax-4qxx-1udr", "summary": "Security researcher Ronald Crane reported an underflow found through\ncode inspection. This does not all have a clear mechanism to be exploited through web\ncontent but could be vulnerable if a means can be found to trigger it.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205", "reference_id": "CVE-2015-7205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-145", "reference_id": "mfsa2015-145", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-145" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psax-4qxx-1udr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3021?format=api", "vulnerability_id": "VCID-rf44-229c-qubm", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201", "reference_id": "CVE-2015-7201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-134", "reference_id": "mfsa2015-134", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf44-229c-qubm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1881?format=api", "vulnerability_id": "VCID-rhmy-7533-6be9", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930", "reference_id": "CVE-2016-1930", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-01", "reference_id": "mfsa2016-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2016-1930" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmy-7533-6be9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/648?format=api", "vulnerability_id": "VCID-s4se-eex7-h7a6", "summary": "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7751" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4se-eex7-h7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=api", "vulnerability_id": "VCID-s874-n3jb-23h1", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796", "reference_id": "CVE-2016-2796", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2796" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/657?format=api", "vulnerability_id": "VCID-s8cd-xy2t-vyem", "summary": "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\"", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7764" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8cd-xy2t-vyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1966?format=api", "vulnerability_id": "VCID-ta8f-s9rp-dqc3", "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806", "reference_id": "CVE-2016-2806", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39", "reference_id": "mfsa2016-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2806" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ta8f-s9rp-dqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1946?format=api", "vulnerability_id": "VCID-tw6u-q876-yfbm", "summary": "Security researcher Aki Helin used the Address Sanitizer tool to find\na buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935", "reference_id": "CVE-2016-1935", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-03", "reference_id": "mfsa2016-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2016-1935" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6u-q876-yfbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3052?format=api", "vulnerability_id": "VCID-tx75-3f4v-j3f3", "summary": "Security researcher Looben Yang reported a buffer overflow in the\nJPEGEncoder function during script interactions with a canvas\nelement. This is caused by a race condition and incorrectly matched sizes following image\ninteractions. This leads to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189", "reference_id": "CVE-2015-7189", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-123", "reference_id": "mfsa2015-123", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-123" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7189" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx75-3f4v-j3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/651?format=api", "vulnerability_id": "VCID-u7r9-ukbq-mkb4", "summary": "An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7754" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7r9-ukbq-mkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/652?format=api", "vulnerability_id": "VCID-uaga-tye9-gqg1", "summary": "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7756" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uaga-tye9-gqg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/654?format=api", "vulnerability_id": "VCID-uh5h-t12y-h3b1", "summary": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7778" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh5h-t12y-h3b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/603?format=api", "vulnerability_id": "VCID-uww5-29jb-n3gc", "summary": "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7807" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uww5-29jb-n3gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=api", "vulnerability_id": "VCID-vct8-ur1y-63db", "summary": "Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721", "reference_id": "CVE-2015-2721", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-71", "reference_id": "mfsa2015-71", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2721" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/221?format=api", "vulnerability_id": "VCID-vdup-4rw5-bke7", "summary": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9898" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/249?format=api", "vulnerability_id": "VCID-vfzf-pypu-qufk", "summary": "A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9905" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfzf-pypu-qufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231?format=api", "vulnerability_id": "VCID-vhgu-g4te-7bff", "summary": "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3018?format=api", "vulnerability_id": "VCID-vswn-ph7t-akfr", "summary": "Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200", "reference_id": "CVE-2015-7200", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131", "reference_id": "mfsa2015-131", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-7200" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vswn-ph7t-akfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1897?format=api", "vulnerability_id": "VCID-w3p3-evn1-eqgm", "summary": "Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818", "reference_id": "CVE-2016-2818", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-49", "reference_id": "mfsa2016-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2818" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3p3-evn1-eqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220?format=api", "vulnerability_id": "VCID-wbtg-ecpe-8bcy", "summary": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9897" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=api", "vulnerability_id": "VCID-wd34-8uw6-2uh4", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801", "reference_id": "CVE-2016-2801", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2801" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2923?format=api", "vulnerability_id": "VCID-wjz2-h366-vbae", "summary": "Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487", "reference_id": "CVE-2015-4487", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-90", "reference_id": "mfsa2015-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-90" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4487" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wjz2-h366-vbae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/514?format=api", "vulnerability_id": "VCID-wx4s-73zs-cfap", "summary": "A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5402" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wx4s-73zs-cfap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/655?format=api", "vulnerability_id": "VCID-wxca-7hua-tubu", "summary": "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7758" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxca-7hua-tubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/599?format=api", "vulnerability_id": "VCID-x2hg-g7n3-8qbw", "summary": "A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7785" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hg-g7n3-8qbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/234?format=api", "vulnerability_id": "VCID-x4x5-44xh-6uat", "summary": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=api", "vulnerability_id": "VCID-xmkv-47hn-43ck", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800", "reference_id": "CVE-2016-2800", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2800" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/516?format=api", "vulnerability_id": "VCID-xtbe-gv4p-23fn", "summary": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5404" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtbe-gv4p-23fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2925?format=api", "vulnerability_id": "VCID-y429-zgqe-4ffk", "summary": "Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489", "reference_id": "CVE-2015-4489", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-90", "reference_id": "mfsa2015-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-90" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4489" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y429-zgqe-4ffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/543?format=api", "vulnerability_id": "VCID-yk3y-5my9-auak", "summary": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2992?format=api", "vulnerability_id": "VCID-ymzx-f3pc-pfc2", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513", "reference_id": "CVE-2015-4513", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-116", "reference_id": "mfsa2015-116", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-116" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4513" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymzx-f3pc-pfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2918?format=api", "vulnerability_id": "VCID-yr7f-4cr1-nye2", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739", "reference_id": "CVE-2015-2739", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2739" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr7f-4cr1-nye2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=api", "vulnerability_id": "VCID-yssr-7m7d-b7fh", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795", "reference_id": "CVE-2016-2795", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2795" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4540?format=api", "vulnerability_id": "VCID-zakg-k4hk-fyhm", "summary": "multiple issues", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zakg-k4hk-fyhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223?format=api", "vulnerability_id": "VCID-zbxg-zh9z-n7gg", "summary": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9904" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3029?format=api", "vulnerability_id": "VCID-1322-2jgj-2kh2", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724", "reference_id": "CVE-2015-2724", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-59", "reference_id": "mfsa2015-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1322-2jgj-2kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2970?format=api", "vulnerability_id": "VCID-2u3s-8pqy-27gd", "summary": "Security researcher Aki Helin used the Address Sanitizer\ntool to find a buffer overflow during video playback on Linux systems. This was\ndue to a problem in older versions of the Gstreamer plugin during the parsing of\nH.264 formatted video. This issue could be used to induce a possibly exploitable\ncrash.\nThis issue does not affect the current 1.0 version of Gstreamer\nand does not affect Windows or OS X systems.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797", "reference_id": "CVE-2015-0797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-47", "reference_id": "mfsa2015-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" } ], "aliases": [ "CVE-2015-0797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u3s-8pqy-27gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2913?format=api", "vulnerability_id": "VCID-35ek-28ks-vqdf", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734", "reference_id": "CVE-2015-2734", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2734" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35ek-28ks-vqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2915?format=api", "vulnerability_id": "VCID-644p-f2nh-e7ah", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736", "reference_id": "CVE-2015-2736", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2736" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-644p-f2nh-e7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=api", "vulnerability_id": "VCID-7gkv-pu79-43hx", "summary": "Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\"This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000", "reference_id": "CVE-2015-4000", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-70", "reference_id": "mfsa2015-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-70" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-4000" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2919?format=api", "vulnerability_id": "VCID-89x5-7hfe-jbc7", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740", "reference_id": "CVE-2015-2740", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2740" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-89x5-7hfe-jbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2916?format=api", "vulnerability_id": "VCID-are2-nwm2-ekfb", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737", "reference_id": "CVE-2015-2737", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2737" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-are2-nwm2-ekfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2914?format=api", "vulnerability_id": "VCID-ewxc-cgha-5ya6", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735", "reference_id": "CVE-2015-2735", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2735" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewxc-cgha-5ya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3006?format=api", "vulnerability_id": "VCID-g4jc-hh17-wbex", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708", "reference_id": "CVE-2015-2708", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-46", "reference_id": "mfsa2015-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2708" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4jc-hh17-wbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3086?format=api", "vulnerability_id": "VCID-gj9v-hz2y-j3h2", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen found a buffer overflow during the rendering of SVG format\ngraphics when combined with specific CSS properties on a page. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710", "reference_id": "CVE-2015-2710", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-48", "reference_id": "mfsa2015-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2710" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj9v-hz2y-j3h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2917?format=api", "vulnerability_id": "VCID-knkj-95et-a7bh", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738", "reference_id": "CVE-2015-2738", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2738" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knkj-95et-a7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3070?format=api", "vulnerability_id": "VCID-nzaw-bp6y-qkbq", "summary": "Security researcher Ucha Gobejishvili used the Address\nSanitizer tool to find a buffer overflow while parsing compressed XML content.\nThis was due to an error in how buffer space is created and modified when\nhandling large amounts of XML data. This results in a potentially exploitable\ncrash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", "reference_id": "CVE-2015-2716", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54", "reference_id": "mfsa2015-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzaw-bp6y-qkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3067?format=api", "vulnerability_id": "VCID-sm73-ujuw-z7cy", "summary": "Security researcher Scott Bell used the Address Sanitizer\ntool to discover a use-after-free error during the processing of text when\nvertical text is enabled. This leads to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713", "reference_id": "CVE-2015-2713", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-51", "reference_id": "mfsa2015-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2713" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sm73-ujuw-z7cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=api", "vulnerability_id": "VCID-vct8-ur1y-63db", "summary": "Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721", "reference_id": "CVE-2015-2721", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-71", "reference_id": "mfsa2015-71", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2721" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2918?format=api", "vulnerability_id": "VCID-yr7f-4cr1-nye2", "summary": "Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739", "reference_id": "CVE-2015-2739", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66", "reference_id": "mfsa2015-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4047?format=api", "purl": "pkg:deb/debian/icedove@31.8.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1322-2jgj-2kh2" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-35ek-28ks-vqdf" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-644p-f2nh-e7ah" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6q33-akyf-v7cw" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6x8h-7v19-x7d2" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7gkv-pu79-43hx" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-81zk-xrsj-cufe" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-89x5-7hfe-jbc7" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-a5mh-mmhh-pfg6" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-ac68-q866-pugy" }, { "vulnerability": "VCID-agrg-fr7r-zyec" }, { "vulnerability": "VCID-are2-nwm2-ekfb" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cjnx-d8j7-zqg3" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-cvjs-nw3e-6be2" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-ddgc-sfjs-bkgg" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-ecjy-9yqg-d7g5" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-ewxc-cgha-5ya6" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-h99r-s2rd-dbf9" }, { "vulnerability": "VCID-hgqa-m8ub-f3dc" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-knkj-95et-a7bh" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m6a6-yhfk-1ufh" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mq7v-8uvq-5yeq" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njfh-euqq-hyek" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-psax-4qxx-1udr" }, { "vulnerability": "VCID-rf44-229c-qubm" }, { "vulnerability": "VCID-rhmy-7533-6be9" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-tw6u-q876-yfbm" }, { "vulnerability": "VCID-tx75-3f4v-j3f3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vct8-ur1y-63db" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-vswn-ph7t-akfr" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wjz2-h366-vbae" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-y429-zgqe-4ffk" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-ymzx-f3pc-pfc2" }, { "vulnerability": "VCID-yr7f-4cr1-nye2" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" } ], "aliases": [ "CVE-2015-2739" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr7f-4cr1-nye2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1" }