Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4201?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "type": "deb", "namespace": "debian", "name": "icedove", "version": "1:45.8.0-3~deb8u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/650?format=api", "vulnerability_id": "VCID-1j25-aujy-1fb3", "summary": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7752.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.77027", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.76985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00972", "scoring_system": "epss", "scoring_elements": "0.77018", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461256", "reference_id": "1461256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461256" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7752" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1j25-aujy-1fb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/653?format=api", "vulnerability_id": "VCID-1qr1-6zdx-fqd1", "summary": "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461259", "reference_id": "1461259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461259" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7757" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qr1-6zdx-fqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/602?format=api", "vulnerability_id": "VCID-21fd-3bm8-nuhg", "summary": "Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.77136", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.77094", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.77126", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479206", "reference_id": "1479206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479206" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7787" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21fd-3bm8-nuhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/646?format=api", "vulnerability_id": "VCID-2ep2-61mb-cbd3", "summary": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461253", "reference_id": "1461253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461253" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7749" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ep2-61mb-cbd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/647?format=api", "vulnerability_id": "VCID-2nfu-kf32-myag", "summary": "A use-after-free vulnerability during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461254", "reference_id": "1461254", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461254" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7750" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nfu-kf32-myag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/604?format=api", "vulnerability_id": "VCID-3qw2-tzj7-u3fa", "summary": "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07363", "scoring_system": "epss", "scoring_elements": "0.91865", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07363", "scoring_system": "epss", "scoring_elements": "0.91851", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07363", "scoring_system": "epss", "scoring_elements": "0.91863", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479210", "reference_id": "1479210", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479210" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7792" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qw2-tzj7-u3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/595?format=api", "vulnerability_id": "VCID-5a6g-h3b1-vqfy", "summary": "A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85114", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85086", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479223", "reference_id": "1479223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479223" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7801" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a6g-h3b1-vqfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4541?format=api", "vulnerability_id": "VCID-6pr4-1zfj-9ydj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70379", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70388", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472213", "reference_id": "1472213", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472213" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7772" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pr4-1zfj-9ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/659?format=api", "vulnerability_id": "VCID-6s7e-79u3-h7ed", "summary": "Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, and Nils Ohlmeier reported memory safety bugs present in Firefox 53, Firefox ESR 52.1, and Thunderbird 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5470.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5470.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461264", "reference_id": "1461264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461264" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-5470" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6s7e-79u3-h7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/596?format=api", "vulnerability_id": "VCID-74ur-xkr1-a7er", "summary": "A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02292", "scoring_system": "epss", "scoring_elements": "0.85043", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02292", "scoring_system": "epss", "scoring_elements": "0.85015", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02292", "scoring_system": "epss", "scoring_elements": "0.85038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479650", "reference_id": "1479650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479650" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7809" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74ur-xkr1-a7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/597?format=api", "vulnerability_id": "VCID-883g-dbap-u7aw", "summary": "A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05217", "scoring_system": "epss", "scoring_elements": "0.90127", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05217", "scoring_system": "epss", "scoring_elements": "0.90112", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05217", "scoring_system": "epss", "scoring_elements": "0.90128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479201", "reference_id": "1479201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479201" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7784" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-883g-dbap-u7aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4537?format=api", "vulnerability_id": "VCID-8hfq-xxg6-tue8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70379", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70388", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472223", "reference_id": "1472223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472223" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7776" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfq-xxg6-tue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4542?format=api", "vulnerability_id": "VCID-abde-jm4w-5yde", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67925", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67932", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67885", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472212", "reference_id": "1472212", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472212" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7771" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-abde-jm4w-5yde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/601?format=api", "vulnerability_id": "VCID-azwt-6846-1kgm", "summary": "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01721", "scoring_system": "epss", "scoring_elements": "0.82768", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01721", "scoring_system": "epss", "scoring_elements": "0.82744", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01721", "scoring_system": "epss", "scoring_elements": "0.82769", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:C" }, { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479188", "reference_id": "1479188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479188" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7753" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azwt-6846-1kgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/645?format=api", "vulnerability_id": "VCID-bxpd-zacn-8bfv", "summary": "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5472.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461252", "reference_id": "1461252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461252" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-5472" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxpd-zacn-8bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/598?format=api", "vulnerability_id": "VCID-f9cy-h7kt-zudr", "summary": "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7802.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02292", "scoring_system": "epss", "scoring_elements": "0.85043", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02292", "scoring_system": "epss", "scoring_elements": "0.85015", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02292", "scoring_system": "epss", "scoring_elements": "0.85038", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479224", "reference_id": "1479224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479224" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7802" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9cy-h7kt-zudr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/608?format=api", "vulnerability_id": "VCID-fznu-jdyc-47hv", "summary": "When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7803.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7803.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78393", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78358", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01098", "scoring_system": "epss", "scoring_elements": "0.78385", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479225", "reference_id": "1479225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479225" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7803" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fznu-jdyc-47hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/600?format=api", "vulnerability_id": "VCID-gcyv-192g-3ygq", "summary": "A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0852", "scoring_system": "epss", "scoring_elements": "0.92531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0852", "scoring_system": "epss", "scoring_elements": "0.92523", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0852", "scoring_system": "epss", "scoring_elements": "0.92536", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479205", "reference_id": "1479205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479205" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7786" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyv-192g-3ygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/609?format=api", "vulnerability_id": "VCID-k458-ek4h-4kht", "summary": "Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78455", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78446", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479191", "reference_id": "1479191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479191" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7779" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k458-ek4h-4kht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/606?format=api", "vulnerability_id": "VCID-md7v-but8-7qdz", "summary": "On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7791.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01355", "scoring_system": "epss", "scoring_elements": "0.80483", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01355", "scoring_system": "epss", "scoring_elements": "0.80454", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01355", "scoring_system": "epss", "scoring_elements": "0.80481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:N" }, { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479209", "reference_id": "1479209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479209" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7791" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-md7v-but8-7qdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4536?format=api", "vulnerability_id": "VCID-njra-xv9f-ffck", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.66177", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.66186", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00495", "scoring_system": "epss", "scoring_elements": "0.66125", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472225", "reference_id": "1472225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472225" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7777" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njra-xv9f-ffck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/594?format=api", "vulnerability_id": "VCID-p1ry-j666-3qhy", "summary": "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04285", "scoring_system": "epss", "scoring_elements": "0.89056", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04285", "scoring_system": "epss", "scoring_elements": "0.89037", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04285", "scoring_system": "epss", "scoring_elements": "0.89054", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479218", "reference_id": "1479218", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479218" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7800" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1ry-j666-3qhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4539?format=api", "vulnerability_id": "VCID-ppw9-56ha-2bhm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.6873", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68737", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.6869", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472219", "reference_id": "1472219", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472219" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppw9-56ha-2bhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/648?format=api", "vulnerability_id": "VCID-s4se-eex7-h7a6", "summary": "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7751.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461255", "reference_id": "1461255", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461255" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7751" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4se-eex7-h7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/657?format=api", "vulnerability_id": "VCID-s8cd-xy2t-vyem", "summary": "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77753", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77719", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01035", "scoring_system": "epss", "scoring_elements": "0.77746", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461262", "reference_id": "1461262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461262" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7764" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8cd-xy2t-vyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/651?format=api", "vulnerability_id": "VCID-u7r9-ukbq-mkb4", "summary": "An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01409", "scoring_system": "epss", "scoring_elements": "0.8087", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01409", "scoring_system": "epss", "scoring_elements": "0.8084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01409", "scoring_system": "epss", "scoring_elements": "0.80868", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461257", "reference_id": "1461257", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461257" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7754" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7r9-ukbq-mkb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/652?format=api", "vulnerability_id": "VCID-uaga-tye9-gqg1", "summary": "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7756.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7756.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461258", "reference_id": "1461258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461258" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7756" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uaga-tye9-gqg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/654?format=api", "vulnerability_id": "VCID-uh5h-t12y-h3b1", "summary": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.81061", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.81029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.81058", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461260", "reference_id": "1461260", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461260" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7778" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh5h-t12y-h3b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/603?format=api", "vulnerability_id": "VCID-uww5-29jb-n3gc", "summary": "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7807.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7807.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.74054", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.74016", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00778", "scoring_system": "epss", "scoring_elements": "0.74049", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479227", "reference_id": "1479227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479227" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7807" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uww5-29jb-n3gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/655?format=api", "vulnerability_id": "VCID-wxca-7hua-tubu", "summary": "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01684", "scoring_system": "epss", "scoring_elements": "0.82572", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01684", "scoring_system": "epss", "scoring_elements": "0.82545", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461261", "reference_id": "1461261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461261" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15", "reference_id": "mfsa2017-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16", "reference_id": "mfsa2017-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17", "reference_id": "mfsa2017-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7758" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxca-7hua-tubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/599?format=api", "vulnerability_id": "VCID-x2hg-g7n3-8qbw", "summary": "A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92492", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92484", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08433", "scoring_system": "epss", "scoring_elements": "0.92497", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479203", "reference_id": "1479203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479203" }, { "reference_url": "https://security.archlinux.org/ASA-201708-18", "reference_id": "ASA-201708-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-18" }, { "reference_url": "https://security.archlinux.org/ASA-201708-3", "reference_id": "ASA-201708-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-3" }, { "reference_url": "https://security.archlinux.org/AVG-375", "reference_id": "AVG-375", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-375" }, { "reference_url": "https://security.archlinux.org/AVG-385", "reference_id": "AVG-385", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-385" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18", "reference_id": "mfsa2017-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19", "reference_id": "mfsa2017-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20", "reference_id": "mfsa2017-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2456", "reference_id": "RHSA-2017:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2534", "reference_id": "RHSA-2017:2534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2534" }, { "reference_url": "https://usn.ubuntu.com/3391-1/", "reference_id": "USN-3391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3391-1/" }, { "reference_url": "https://usn.ubuntu.com/3416-1/", "reference_id": "USN-3416-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3416-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7785" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hg-g7n3-8qbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4540?format=api", "vulnerability_id": "VCID-zakg-k4hk-fyhm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70379", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70388", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70337", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472215", "reference_id": "1472215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472215" }, { "reference_url": "https://security.archlinux.org/ASA-201706-19", "reference_id": "ASA-201706-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-19" }, { "reference_url": "https://security.archlinux.org/ASA-201706-20", "reference_id": "ASA-201706-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-20" }, { "reference_url": "https://security.archlinux.org/AVG-302", "reference_id": "AVG-302", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-302" }, { "reference_url": "https://security.archlinux.org/AVG-303", "reference_id": "AVG-303", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-303" }, { "reference_url": "https://security.gentoo.org/glsa/201710-13", "reference_id": "GLSA-201710-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-13" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1440", "reference_id": "RHSA-2017:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1561", "reference_id": "RHSA-2017:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1793", "reference_id": "RHSA-2017:1793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1793" }, { "reference_url": "https://usn.ubuntu.com/3315-1/", "reference_id": "USN-3315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3315-1/" }, { "reference_url": "https://usn.ubuntu.com/3321-1/", "reference_id": "USN-3321-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3321-1/" }, { "reference_url": "https://usn.ubuntu.com/3398-1/", "reference_id": "USN-3398-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3398-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4284?format=api", "purl": "pkg:deb/debian/icedove@1:52.3.0-4~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2" } ], "aliases": [ "CVE-2017-7773" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zakg-k4hk-fyhm" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/546?format=api", "vulnerability_id": "VCID-11uz-v7pw-v7hw", "summary": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5383.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83939", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83913", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01986", "scoring_system": "epss", "scoring_elements": "0.83936", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416281", "reference_id": "1416281", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416281" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5383" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=api", "vulnerability_id": "VCID-1bx2-4ka7-w3cr", "summary": "The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74356", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74389", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74394", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315778", "reference_id": "1315778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966", "reference_id": "CVE-2016-1966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31", "reference_id": "mfsa2016-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1966" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/232?format=api", "vulnerability_id": "VCID-1es7-pnwd-pfdw", "summary": "A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.957", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95691", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20609", "scoring_system": "epss", "scoring_elements": "0.95696", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395061", "reference_id": "1395061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395061" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9066" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217?format=api", "vulnerability_id": "VCID-2dx6-ehwy-xubu", "summary": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36421", "scoring_system": "epss", "scoring_elements": "0.97212", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.36421", "scoring_system": "epss", "scoring_elements": "0.97205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.36421", "scoring_system": "epss", "scoring_elements": "0.9721", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404083", "reference_id": "1404083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404083" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html", "reference_id": "CVE-2016-9899", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2973", "reference_id": "RHSA-2016:2973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2973" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9899" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/540?format=api", "vulnerability_id": "VCID-3am9-1vdf-27gt", "summary": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.58393", "scoring_system": "epss", "scoring_elements": "0.98236", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.58393", "scoring_system": "epss", "scoring_elements": "0.98233", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416271", "reference_id": "1416271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416271" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5375" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=api", "vulnerability_id": "VCID-3uny-z4bs-9bfk", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2791" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791", "reference_id": "CVE-2016-2791", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2791" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/541?format=api", "vulnerability_id": "VCID-442s-jgvp-gfav", "summary": "Use-after-free while manipulating XSL in XSLT documents", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.8325", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83223", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83249", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416272", "reference_id": "1416272", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416272" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5376" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218?format=api", "vulnerability_id": "VCID-4cyw-yxhd-77af", "summary": "Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72636", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72589", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72629", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404086", "reference_id": "1404086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404086" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2973", "reference_id": "RHSA-2016:2973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2973" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9895" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/228?format=api", "vulnerability_id": "VCID-4eg8-dc82-fqd6", "summary": "Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86151", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86127", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86148", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404096", "reference_id": "1404096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404096" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2973", "reference_id": "RHSA-2016:2973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2973" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9893" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/522?format=api", "vulnerability_id": "VCID-4gky-p4gv-u7cw", "summary": "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01068", "scoring_system": "epss", "scoring_elements": "0.78097", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01068", "scoring_system": "epss", "scoring_elements": "0.7809", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01068", "scoring_system": "epss", "scoring_elements": "0.78063", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429784", "reference_id": "1429784", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429784" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5408" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gky-p4gv-u7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=api", "vulnerability_id": "VCID-4hgx-k5jn-ckeu", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72412", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72453", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1977" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977", "reference_id": "CVE-2016-1977", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1977" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/519?format=api", "vulnerability_id": "VCID-4ncv-bsfh-kufk", "summary": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5410.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5410.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01677", "scoring_system": "epss", "scoring_elements": "0.8253", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01677", "scoring_system": "epss", "scoring_elements": "0.82531", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01677", "scoring_system": "epss", "scoring_elements": "0.82502", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5410" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429783", "reference_id": "1429783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429783" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5410" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncv-bsfh-kufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=api", "vulnerability_id": "VCID-4r11-gv5n-rbhb", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68711", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68751", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68759", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2793" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793", "reference_id": "CVE-2016-2793", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2793" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/539?format=api", "vulnerability_id": "VCID-53n9-hyzh-yyaz", "summary": "Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84156", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84153", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.8413", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429786", "reference_id": "1429786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429786" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5398" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53n9-hyzh-yyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/547?format=api", "vulnerability_id": "VCID-5m57-7cch-v3ga", "summary": "Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5373.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.8325", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83223", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83249", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415924", "reference_id": "1415924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415924" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5373" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/229?format=api", "vulnerability_id": "VCID-6xqg-t9fu-2kfk", "summary": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85844", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.8582", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0257", "scoring_system": "epss", "scoring_elements": "0.85842", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395055", "reference_id": "1395055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395055" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5296" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=api", "vulnerability_id": "VCID-7hry-whqg-97gm", "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83056", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2807" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330271", "reference_id": "1330271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807", "reference_id": "CVE-2016-2807", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39", "reference_id": "mfsa2016-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0695", "reference_id": "RHSA-2016:0695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1041", "reference_id": "RHSA-2016:1041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1041" }, { "reference_url": "https://usn.ubuntu.com/2936-1/", "reference_id": "USN-2936-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2936-1/" }, { "reference_url": "https://usn.ubuntu.com/2973-1/", "reference_id": "USN-2973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2807" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=api", "vulnerability_id": "VCID-86p5-m5xh-wba9", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2798" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798", "reference_id": "CVE-2016-2798", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2798" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=api", "vulnerability_id": "VCID-9hcm-h8uk-xygz", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802", "reference_id": "CVE-2016-2802", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2802" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/233?format=api", "vulnerability_id": "VCID-9tuh-j2va-53hy", "summary": "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11283", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11204", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395065", "reference_id": "1395065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395065" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5291" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=api", "vulnerability_id": "VCID-9wc3-cjef-3ucq", "summary": "Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01867", "scoring_system": "epss", "scoring_elements": "0.83439", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01867", "scoring_system": "epss", "scoring_elements": "0.83464", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01867", "scoring_system": "epss", "scoring_elements": "0.83465", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310509", "reference_id": "1310509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310509" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950", "reference_id": "CVE-2016-1950", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35", "reference_id": "mfsa2016-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0370", "reference_id": "RHSA-2016:0370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0371", "reference_id": "RHSA-2016:0371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0495", "reference_id": "RHSA-2016:0495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0495" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2924-1/", "reference_id": "USN-2924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2924-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1950" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=api", "vulnerability_id": "VCID-a5ee-c6f4-tufu", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2790" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790", "reference_id": "CVE-2016-2790", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2790" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=api", "vulnerability_id": "VCID-b1zu-35mw-jkdg", "summary": "Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58136", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58143", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315573", "reference_id": "1315573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957", "reference_id": "CVE-2016-1957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20", "reference_id": "mfsa2016-20", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1957" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/545?format=api", "vulnerability_id": "VCID-bn6e-q2fz-7fba", "summary": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8473", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84703", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416280", "reference_id": "1416280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416280" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5396" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=api", "vulnerability_id": "VCID-cr9v-b95v-eyha", "summary": "Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66064", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66116", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66127", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1974" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315785", "reference_id": "1315785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974", "reference_id": "CVE-2016-1974", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34", "reference_id": "mfsa2016-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1974" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/512?format=api", "vulnerability_id": "VCID-d5gv-m4u7-3bfc", "summary": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5400.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77637", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77629", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77601", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429778", "reference_id": "1429778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429778" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5400" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gv-m4u7-3bfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=api", "vulnerability_id": "VCID-dhjd-31cm-1fh6", "summary": "Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86455", "scoring_system": "epss", "scoring_elements": "0.99427", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.86455", "scoring_system": "epss", "scoring_elements": "0.99428", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315576", "reference_id": "1315576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960", "reference_id": "CVE-2016-1960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html", "reference_id": "CVE-2016-1960", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html", "reference_id": "CVE-2017-5375;CVE-2016-1960", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23", "reference_id": "mfsa2016-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1960" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=api", "vulnerability_id": "VCID-dxam-cewh-63dt", "summary": "Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02706", "scoring_system": "epss", "scoring_elements": "0.86175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02706", "scoring_system": "epss", "scoring_elements": "0.86195", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02706", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1954" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315569", "reference_id": "1315569", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954", "reference_id": "CVE-2016-1954", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17", "reference_id": "mfsa2016-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1954" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/247?format=api", "vulnerability_id": "VCID-e35v-ppxg-tkd1", "summary": "Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5257.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5257.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76195", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76168", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00909", "scoring_system": "epss", "scoring_elements": "0.76193", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377543", "reference_id": "1377543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377543" }, { "reference_url": "https://security.archlinux.org/ASA-201609-22", "reference_id": "ASA-201609-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-22" }, { "reference_url": "https://security.archlinux.org/AVG-24", "reference_id": "AVG-24", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-24" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85", "reference_id": "mfsa2016-85", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86", "reference_id": "mfsa2016-86", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-86" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-88", "reference_id": "mfsa2016-88", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-88" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1912", "reference_id": "RHSA-2016:1912", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1912" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1985", "reference_id": "RHSA-2016:1985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1985" }, { "reference_url": "https://usn.ubuntu.com/3076-1/", "reference_id": "USN-3076-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3076-1/" }, { "reference_url": "https://usn.ubuntu.com/3112-1/", "reference_id": "USN-3112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3112-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5257" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e35v-ppxg-tkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1938?format=api", "vulnerability_id": "VCID-eefa-gdnq-8kb7", "summary": "Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67729", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.6777", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67776", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2836" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361974", "reference_id": "1361974", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361974" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836", "reference_id": "CVE-2016-2836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-62", "reference_id": "mfsa2016-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-62" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1551", "reference_id": "RHSA-2016:1551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1809", "reference_id": "RHSA-2016:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1809" }, { "reference_url": "https://usn.ubuntu.com/3044-1/", "reference_id": "USN-3044-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3044-1/" }, { "reference_url": "https://usn.ubuntu.com/3073-1/", "reference_id": "USN-3073-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3073-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2836" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eefa-gdnq-8kb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=api", "vulnerability_id": "VCID-egv5-6c33-tfb9", "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.7637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76397", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00922", "scoring_system": "epss", "scoring_elements": "0.76399", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2805" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330266", "reference_id": "1330266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330266" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805", "reference_id": "CVE-2016-2805", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39", "reference_id": "mfsa2016-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0695", "reference_id": "RHSA-2016:0695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1041", "reference_id": "RHSA-2016:1041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1041" }, { "reference_url": "https://usn.ubuntu.com/2973-1/", "reference_id": "USN-2973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2805" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=api", "vulnerability_id": "VCID-fam8-n44k-2qh7", "summary": "Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1979.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72575", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72582", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1979" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315202", "reference_id": "1315202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979", "reference_id": "CVE-2016-1979", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36", "reference_id": "mfsa2016-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0591", "reference_id": "RHSA-2016:0591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0684", "reference_id": "RHSA-2016:0684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0685", "reference_id": "RHSA-2016:0685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0685" }, { "reference_url": "https://usn.ubuntu.com/2973-1/", "reference_id": "USN-2973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1979" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=api", "vulnerability_id": "VCID-ftnc-qwd9-jubp", "summary": "Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1962.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02149", "scoring_system": "epss", "scoring_elements": "0.84559", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02149", "scoring_system": "epss", "scoring_elements": "0.84584", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02149", "scoring_system": "epss", "scoring_elements": "0.84588", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1962" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315578", "reference_id": "1315578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315578" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962", "reference_id": "CVE-2016-1962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25", "reference_id": "mfsa2016-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1962" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=api", "vulnerability_id": "VCID-fxjs-kgb3-6bb7", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75641", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75669", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75672", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794", "reference_id": "CVE-2016-2794", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2794" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/513?format=api", "vulnerability_id": "VCID-jc41-75ha-97c9", "summary": "A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01865", "scoring_system": "epss", "scoring_elements": "0.83447", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01865", "scoring_system": "epss", "scoring_elements": "0.83446", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01865", "scoring_system": "epss", "scoring_elements": "0.83421", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429779", "reference_id": "1429779", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429779" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5401" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-75ha-97c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=api", "vulnerability_id": "VCID-jr76-2aht-uqb2", "summary": "Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00749", "scoring_system": "epss", "scoring_elements": "0.73475", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00749", "scoring_system": "epss", "scoring_elements": "0.73511", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00749", "scoring_system": "epss", "scoring_elements": "0.73516", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315577", "reference_id": "1315577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961", "reference_id": "CVE-2016-1961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24", "reference_id": "mfsa2016-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1961" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=api", "vulnerability_id": "VCID-jubn-vjus-h3e8", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792", "reference_id": "CVE-2016-2792", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2792" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250?format=api", "vulnerability_id": "VCID-k1rz-f92p-ducs", "summary": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99359", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99357", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.84813", "scoring_system": "epss", "scoring_elements": "0.99358", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1037370", "reference_id": "1037370", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://www.securitytracker.com/id/1037370" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400376", "reference_id": "1400376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400376" }, { "reference_url": "https://www.exploit-db.com/exploits/41151/", "reference_id": "41151", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.exploit-db.com/exploits/41151/" }, { "reference_url": "https://www.exploit-db.com/exploits/42327/", "reference_id": "42327", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.exploit-db.com/exploits/42327/" }, { "reference_url": "http://www.securityfocus.com/bid/94591", "reference_id": "94591", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://www.securityfocus.com/bid/94591" }, { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/ASA-201612-2", "reference_id": "ASA-201612-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-2" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://security.archlinux.org/AVG-91", "reference_id": "AVG-91", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-91" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb", "reference_id": "CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb", "reference_id": "CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html", "reference_id": "CVE-2017-5375;CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html" }, { "reference_url": "https://rh0dev.github.io/blog/2017/the-return-of-the-jit/", "reference_id": "CVE-2017-5375;CVE-2016-9079", "reference_type": "exploit", "scores": [], "url": "https://rh0dev.github.io/blog/2017/the-return-of-the-jit/" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3730", "reference_id": "dsa-3730", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.debian.org/security/2016/dsa-3730" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://security.gentoo.org/glsa/201701-35", "reference_id": "GLSA-201701-35", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://security.gentoo.org/glsa/201701-35" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92", "reference_id": "mfsa2016-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "reference_id": "mfsa2016-92", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2843", "reference_id": "RHSA-2016:2843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2843" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "reference_id": "RHSA-2016-2843.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2850", "reference_id": "RHSA-2016:2850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2850" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "reference_id": "RHSA-2016-2850.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "reference_id": "show_bug.cgi?id=1321066", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066" }, { "reference_url": "https://usn.ubuntu.com/3140-1/", "reference_id": "USN-3140-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3140-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9079" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=api", "vulnerability_id": "VCID-kcpz-uwq4-skf4", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.711", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.71143", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.71149", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2799" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799", "reference_id": "CVE-2016-2799", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2799" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/235?format=api", "vulnerability_id": "VCID-kkjv-tyxm-6ub7", "summary": "Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01874", "scoring_system": "epss", "scoring_elements": "0.83492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395066", "reference_id": "1395066", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395066" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2825", "reference_id": "RHSA-2016:2825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2825" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5290" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=api", "vulnerability_id": "VCID-ksda-d24x-8bcf", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68711", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68751", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68759", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797", "reference_id": "CVE-2016-2797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2797" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/222?format=api", "vulnerability_id": "VCID-m1ve-ttqh-3ucn", "summary": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01417", "scoring_system": "epss", "scoring_elements": "0.80943", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01417", "scoring_system": "epss", "scoring_elements": "0.80913", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01417", "scoring_system": "epss", "scoring_elements": "0.80941", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404090", "reference_id": "1404090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404090" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2973", "reference_id": "RHSA-2016:2973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2973" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9900" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/535?format=api", "vulnerability_id": "VCID-m2ee-rr9r-u3ge", "summary": "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5405.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.85224", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.85219", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02352", "scoring_system": "epss", "scoring_elements": "0.85194", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429785", "reference_id": "1429785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429785" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5405" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ee-rr9r-u3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/542?format=api", "vulnerability_id": "VCID-m7n2-1ppv-jfcm", "summary": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.82031", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.81996", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01592", "scoring_system": "epss", "scoring_elements": "0.8203", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416273", "reference_id": "1416273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416273" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5378" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=api", "vulnerability_id": "VCID-mxj9-cgmx-zkg9", "summary": "Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72412", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72453", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1964" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315774", "reference_id": "1315774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964", "reference_id": "CVE-2016-1964", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27", "reference_id": "mfsa2016-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-1964" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/544?format=api", "vulnerability_id": "VCID-n9bg-836z-abb8", "summary": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01911", "scoring_system": "epss", "scoring_elements": "0.83651", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01911", "scoring_system": "epss", "scoring_elements": "0.83626", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416279", "reference_id": "1416279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416279" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5390" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/518?format=api", "vulnerability_id": "VCID-nv26-s56m-vkdh", "summary": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5407.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.77857", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.77851", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01045", "scoring_system": "epss", "scoring_elements": "0.77824", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429782", "reference_id": "1429782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429782" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5407" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv26-s56m-vkdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=api", "vulnerability_id": "VCID-s874-n3jb-23h1", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68794", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68842", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2796" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796", "reference_id": "CVE-2016-2796", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2796" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1966?format=api", "vulnerability_id": "VCID-ta8f-s9rp-dqc3", "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2806.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2806.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83056", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2806" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330270", "reference_id": "1330270", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806", "reference_id": "CVE-2016-2806", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39", "reference_id": "mfsa2016-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0695", "reference_id": "RHSA-2016:0695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0695" }, { "reference_url": "https://usn.ubuntu.com/2936-1/", "reference_id": "USN-2936-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2936-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2806" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ta8f-s9rp-dqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/221?format=api", "vulnerability_id": "VCID-vdup-4rw5-bke7", "summary": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02604", "scoring_system": "epss", "scoring_elements": "0.85927", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02604", "scoring_system": "epss", "scoring_elements": "0.85902", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02604", "scoring_system": "epss", "scoring_elements": "0.85924", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404089", "reference_id": "1404089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404089" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9898" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/249?format=api", "vulnerability_id": "VCID-vfzf-pypu-qufk", "summary": "A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9905.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9905.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01174", "scoring_system": "epss", "scoring_elements": "0.79034", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01174", "scoring_system": "epss", "scoring_elements": "0.7906", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01174", "scoring_system": "epss", "scoring_elements": "0.79066", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404094", "reference_id": "1404094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404094" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2973", "reference_id": "RHSA-2016:2973", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2973" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9905" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfzf-pypu-qufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/231?format=api", "vulnerability_id": "VCID-vhgu-g4te-7bff", "summary": "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.83232", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.83205", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01818", "scoring_system": "epss", "scoring_elements": "0.83231", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395058", "reference_id": "1395058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395058" }, { "reference_url": "https://security.archlinux.org/ASA-201611-16", "reference_id": "ASA-201611-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-16" }, { "reference_url": "https://security.archlinux.org/AVG-72", "reference_id": "AVG-72", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-72" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2780", "reference_id": "RHSA-2016:2780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2780" }, { "reference_url": "https://usn.ubuntu.com/3124-1/", "reference_id": "USN-3124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3124-1/" }, { "reference_url": "https://usn.ubuntu.com/3141-1/", "reference_id": "USN-3141-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3141-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-5297" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1897?format=api", "vulnerability_id": "VCID-w3p3-evn1-eqgm", "summary": "Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2818.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52455", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52514", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52523", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2818" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342887", "reference_id": "1342887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818", "reference_id": "CVE-2016-2818", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-49", "reference_id": "mfsa2016-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1217", "reference_id": "RHSA-2016:1217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1392", "reference_id": "RHSA-2016:1392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1392" }, { "reference_url": "https://usn.ubuntu.com/2993-1/", "reference_id": "USN-2993-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2993-1/" }, { "reference_url": "https://usn.ubuntu.com/3023-1/", "reference_id": "USN-3023-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2818" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3p3-evn1-eqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220?format=api", "vulnerability_id": "VCID-wbtg-ecpe-8bcy", "summary": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0395", "scoring_system": "epss", "scoring_elements": "0.88581", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0395", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0395", "scoring_system": "epss", "scoring_elements": "0.88578", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404087", "reference_id": "1404087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404087" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9897" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=api", "vulnerability_id": "VCID-wd34-8uw6-2uh4", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801", "reference_id": "CVE-2016-2801", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2801" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/514?format=api", "vulnerability_id": "VCID-wx4s-73zs-cfap", "summary": "A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02557", "scoring_system": "epss", "scoring_elements": "0.85807", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02557", "scoring_system": "epss", "scoring_elements": "0.85804", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02557", "scoring_system": "epss", "scoring_elements": "0.85782", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429780", "reference_id": "1429780", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429780" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5402" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wx4s-73zs-cfap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/234?format=api", "vulnerability_id": "VCID-x4x5-44xh-6uat", "summary": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01221", "scoring_system": "epss", "scoring_elements": "0.79465", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01221", "scoring_system": "epss", "scoring_elements": "0.79432", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01221", "scoring_system": "epss", "scoring_elements": "0.79459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396548", "reference_id": "1396548", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396548" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://security.gentoo.org/glsa/201701-46", "reference_id": "GLSA-201701-46", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-46" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" }, { "reference_url": "https://usn.ubuntu.com/3163-1/", "reference_id": "USN-3163-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3163-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9074" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=api", "vulnerability_id": "VCID-xmkv-47hn-43ck", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2800" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800", "reference_id": "CVE-2016-2800", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2800" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/516?format=api", "vulnerability_id": "VCID-xtbe-gv4p-23fn", "summary": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26462", "scoring_system": "epss", "scoring_elements": "0.96431", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.26462", "scoring_system": "epss", "scoring_elements": "0.96427", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.26462", "scoring_system": "epss", "scoring_elements": "0.96423", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429781", "reference_id": "1429781", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429781" }, { "reference_url": "https://security.archlinux.org/ASA-201703-2", "reference_id": "ASA-201703-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-2" }, { "reference_url": "https://security.archlinux.org/ASA-201703-3", "reference_id": "ASA-201703-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-3" }, { "reference_url": "https://security.archlinux.org/AVG-193", "reference_id": "AVG-193", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-193" }, { "reference_url": "https://security.archlinux.org/AVG-194", "reference_id": "AVG-194", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-194" }, { "reference_url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1130", "reference_id": "CVE-2017-5404;MFSA2017-05", "reference_type": "exploit", "scores": [], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1130" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41660.html", "reference_id": "CVE-2017-5404;MFSA2017-05", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41660.html" }, { "reference_url": "https://security.gentoo.org/glsa/201705-06", "reference_id": "GLSA-201705-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-06" }, { "reference_url": "https://security.gentoo.org/glsa/201705-07", "reference_id": "GLSA-201705-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05", "reference_id": "mfsa2017-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06", "reference_id": "mfsa2017-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07", "reference_id": "mfsa2017-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09", "reference_id": "mfsa2017-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0459", "reference_id": "RHSA-2017:0459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0461", "reference_id": "RHSA-2017:0461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0498", "reference_id": "RHSA-2017:0498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0498" }, { "reference_url": "https://usn.ubuntu.com/3216-1/", "reference_id": "USN-3216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3216-1/" }, { "reference_url": "https://usn.ubuntu.com/3233-1/", "reference_id": "USN-3233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5404" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtbe-gv4p-23fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/543?format=api", "vulnerability_id": "VCID-yk3y-5my9-auak", "summary": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5380.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.8325", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83223", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83249", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416274", "reference_id": "1416274", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416274" }, { "reference_url": "https://security.archlinux.org/ASA-201701-39", "reference_id": "ASA-201701-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-39" }, { "reference_url": "https://security.archlinux.org/ASA-201701-40", "reference_id": "ASA-201701-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-40" }, { "reference_url": "https://security.archlinux.org/AVG-157", "reference_id": "AVG-157", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-157" }, { "reference_url": "https://security.archlinux.org/AVG-158", "reference_id": "AVG-158", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-158" }, { "reference_url": "https://security.gentoo.org/glsa/201702-13", "reference_id": "GLSA-201702-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-13" }, { "reference_url": "https://security.gentoo.org/glsa/201702-22", "reference_id": "GLSA-201702-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01", "reference_id": "mfsa2017-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02", "reference_id": "mfsa2017-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03", "reference_id": "mfsa2017-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0190", "reference_id": "RHSA-2017:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0238", "reference_id": "RHSA-2017:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0238" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" }, { "reference_url": "https://usn.ubuntu.com/3175-1/", "reference_id": "USN-3175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2017-5380" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=api", "vulnerability_id": "VCID-yssr-7m7d-b7fh", "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68793", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2795" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795", "reference_id": "1315795", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1315795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795", "reference_id": "CVE-2016-2795", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://security.gentoo.org/glsa/201701-63", "reference_id": "GLSA-201701-63", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-63" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37", "reference_id": "mfsa2016-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0373", "reference_id": "RHSA-2016:0373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0460", "reference_id": "RHSA-2016:0460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0460" }, { "reference_url": "https://usn.ubuntu.com/2917-1/", "reference_id": "USN-2917-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2917-1/" }, { "reference_url": "https://usn.ubuntu.com/2927-1/", "reference_id": "USN-2927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2927-1/" }, { "reference_url": "https://usn.ubuntu.com/2934-1/", "reference_id": "USN-2934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4048?format=api", "purl": "pkg:deb/debian/icedove@38.7.0-1~deb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11uz-v7pw-v7hw" }, { "vulnerability": "VCID-1bx2-4ka7-w3cr" }, { "vulnerability": "VCID-1es7-pnwd-pfdw" }, { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3am9-1vdf-27gt" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-3uny-z4bs-9bfk" }, { "vulnerability": "VCID-442s-jgvp-gfav" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-4gky-p4gv-u7cw" }, { "vulnerability": "VCID-4hgx-k5jn-ckeu" }, { "vulnerability": "VCID-4ncv-bsfh-kufk" }, { "vulnerability": "VCID-4r11-gv5n-rbhb" }, { "vulnerability": "VCID-53n9-hyzh-yyaz" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-5m57-7cch-v3ga" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-6xqg-t9fu-2kfk" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-7hry-whqg-97gm" }, { "vulnerability": "VCID-86p5-m5xh-wba9" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-9hcm-h8uk-xygz" }, { "vulnerability": "VCID-9tuh-j2va-53hy" }, { "vulnerability": "VCID-9wc3-cjef-3ucq" }, { "vulnerability": "VCID-a5ee-c6f4-tufu" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-b1zu-35mw-jkdg" }, { "vulnerability": "VCID-bn6e-q2fz-7fba" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-cr9v-b95v-eyha" }, { "vulnerability": "VCID-d5gv-m4u7-3bfc" }, { "vulnerability": "VCID-dhjd-31cm-1fh6" }, { "vulnerability": "VCID-dxam-cewh-63dt" }, { "vulnerability": "VCID-e35v-ppxg-tkd1" }, { "vulnerability": "VCID-eefa-gdnq-8kb7" }, { "vulnerability": "VCID-egv5-6c33-tfb9" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fam8-n44k-2qh7" }, { "vulnerability": "VCID-ftnc-qwd9-jubp" }, { "vulnerability": "VCID-fxjs-kgb3-6bb7" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-jc41-75ha-97c9" }, { "vulnerability": "VCID-jr76-2aht-uqb2" }, { "vulnerability": "VCID-jubn-vjus-h3e8" }, { "vulnerability": "VCID-k1rz-f92p-ducs" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-kcpz-uwq4-skf4" }, { "vulnerability": "VCID-kkjv-tyxm-6ub7" }, { "vulnerability": "VCID-ksda-d24x-8bcf" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-m2ee-rr9r-u3ge" }, { "vulnerability": "VCID-m7n2-1ppv-jfcm" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-mxj9-cgmx-zkg9" }, { "vulnerability": "VCID-n9bg-836z-abb8" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-nv26-s56m-vkdh" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s874-n3jb-23h1" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-ta8f-s9rp-dqc3" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-vfzf-pypu-qufk" }, { "vulnerability": "VCID-vhgu-g4te-7bff" }, { "vulnerability": "VCID-w3p3-evn1-eqgm" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-wd34-8uw6-2uh4" }, { "vulnerability": "VCID-wx4s-73zs-cfap" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xmkv-47hn-43ck" }, { "vulnerability": "VCID-xtbe-gv4p-23fn" }, { "vulnerability": "VCID-yk3y-5my9-auak" }, { "vulnerability": "VCID-yssr-7m7d-b7fh" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-2795" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223?format=api", "vulnerability_id": "VCID-zbxg-zh9z-n7gg", "summary": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79214", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404091", "reference_id": "1404091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404091" }, { "reference_url": "https://security.archlinux.org/ASA-201612-15", "reference_id": "ASA-201612-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-15" }, { "reference_url": "https://security.archlinux.org/AVG-106", "reference_id": "AVG-106", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-106" }, { "reference_url": "https://security.gentoo.org/glsa/201701-15", "reference_id": "GLSA-201701-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-15" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94", "reference_id": "mfsa2016-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95", "reference_id": "mfsa2016-95", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-95" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96", "reference_id": "mfsa2016-96", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-96" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2946", "reference_id": "RHSA-2016:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2946" }, { "reference_url": "https://usn.ubuntu.com/3155-1/", "reference_id": "USN-3155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3155-1/" }, { "reference_url": "https://usn.ubuntu.com/3165-1/", "reference_id": "USN-3165-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3165-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4201?format=api", "purl": "pkg:deb/debian/icedove@1:45.8.0-3~deb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j25-aujy-1fb3" }, { "vulnerability": "VCID-1qr1-6zdx-fqd1" }, { "vulnerability": "VCID-21fd-3bm8-nuhg" }, { "vulnerability": "VCID-2ep2-61mb-cbd3" }, { "vulnerability": "VCID-2nfu-kf32-myag" }, { "vulnerability": "VCID-3qw2-tzj7-u3fa" }, { "vulnerability": "VCID-5a6g-h3b1-vqfy" }, { "vulnerability": "VCID-6pr4-1zfj-9ydj" }, { "vulnerability": "VCID-6s7e-79u3-h7ed" }, { "vulnerability": "VCID-74ur-xkr1-a7er" }, { "vulnerability": "VCID-883g-dbap-u7aw" }, { "vulnerability": "VCID-8hfq-xxg6-tue8" }, { "vulnerability": "VCID-abde-jm4w-5yde" }, { "vulnerability": "VCID-azwt-6846-1kgm" }, { "vulnerability": "VCID-bxpd-zacn-8bfv" }, { "vulnerability": "VCID-f9cy-h7kt-zudr" }, { "vulnerability": "VCID-fznu-jdyc-47hv" }, { "vulnerability": "VCID-gcyv-192g-3ygq" }, { "vulnerability": "VCID-k458-ek4h-4kht" }, { "vulnerability": "VCID-md7v-but8-7qdz" }, { "vulnerability": "VCID-njra-xv9f-ffck" }, { "vulnerability": "VCID-p1ry-j666-3qhy" }, { "vulnerability": "VCID-ppw9-56ha-2bhm" }, { "vulnerability": "VCID-s4se-eex7-h7a6" }, { "vulnerability": "VCID-s8cd-xy2t-vyem" }, { "vulnerability": "VCID-u7r9-ukbq-mkb4" }, { "vulnerability": "VCID-uaga-tye9-gqg1" }, { "vulnerability": "VCID-uh5h-t12y-h3b1" }, { "vulnerability": "VCID-uww5-29jb-n3gc" }, { "vulnerability": "VCID-wxca-7hua-tubu" }, { "vulnerability": "VCID-x2hg-g7n3-8qbw" }, { "vulnerability": "VCID-zakg-k4hk-fyhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" } ], "aliases": [ "CVE-2016-9904" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1" }