Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@50.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 50.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 50.0.2-1

Latest_non_vulnerable_version 149.0.2-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1ur2-g3su-pqd3

vulnerability_id VCID-1ur2-g3su-pqd3

summary A Cliqz.com developer demonstrated that web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5288.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5288.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5288

reference_id

reference_type

scores

value	0.00722
scoring_system	epss
scoring_elements	0.72465
published_at	2026-04-01T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72563
published_at	2026-04-18T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72538
published_at	2026-04-11T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.7252
published_at	2026-04-12T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72511
published_at	2026-04-13T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72553
published_at	2026-04-21T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.7247
published_at	2026-04-02T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72488
published_at	2026-04-04T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72464
published_at	2026-04-07T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72502
published_at	2026-04-08T12:55:00Z

value	0.00722
scoring_system	epss
scoring_elements	0.72515
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5288

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1310183
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1310183

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-87/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-87/

reference_url	http://www.securityfocus.com/bid/93810
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93810

reference_url	http://www.securitytracker.com/id/1037077
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037077

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1387588
reference_id	1387588
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1387588

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5288

reference_id

CVE-2016-5288

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5288

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-87

reference_id

mfsa2016-87

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-87

reference_url	https://usn.ubuntu.com/3111-1/
reference_id	USN-3111-1
reference_type
scores
url	https://usn.ubuntu.com/3111-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5288

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ur2-g3su-pqd3

url VCID-3dea-vjmc-b7eb

vulnerability_id VCID-3dea-vjmc-b7eb

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2780.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2780.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5297

reference_id

reference_type

scores

value	0.01818
scoring_system	epss
scoring_elements	0.829
published_at	2026-04-21T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82846
published_at	2026-04-08T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82853
published_at	2026-04-09T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82869
published_at	2026-04-11T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82864
published_at	2026-04-12T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.8286
published_at	2026-04-13T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82899
published_at	2026-04-16T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82898
published_at	2026-04-18T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82795
published_at	2026-04-01T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82812
published_at	2026-04-02T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82825
published_at	2026-04-04T12:55:00Z

value	0.01818
scoring_system	epss
scoring_elements	0.82821
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5297

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1303678
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1303678

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2016/dsa-3730
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3730

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-90/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-90/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-93/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-93/

reference_url	http://www.securityfocus.com/bid/94336
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94336

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395058
reference_id	1395058
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395058

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5297

reference_id

CVE-2016-5297

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5297

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_url	https://access.redhat.com/errata/RHSA-2016:2780
reference_id	RHSA-2016:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2780

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5297

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dea-vjmc-b7eb

url VCID-47dr-szw4-ryfr

vulnerability_id VCID-47dr-szw4-ryfr

summary During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5292

reference_id

reference_type

scores

value	0.00858
scoring_system	epss
scoring_elements	0.74956
published_at	2026-04-01T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75032
published_at	2026-04-21T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75031
published_at	2026-04-11T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.7501
published_at	2026-04-12T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74999
published_at	2026-04-13T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75035
published_at	2026-04-16T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75043
published_at	2026-04-18T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74959
published_at	2026-04-02T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74988
published_at	2026-04-04T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74963
published_at	2026-04-07T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.74997
published_at	2026-04-08T12:55:00Z

value	0.00858
scoring_system	epss
scoring_elements	0.75009
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5292

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1288482
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1288482

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395057
reference_id	1395057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395057

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5292

reference_id

CVE-2016-5292

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5292

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5292

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47dr-szw4-ryfr

url VCID-545u-wnrj-z3dh

vulnerability_id VCID-545u-wnrj-z3dh

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2780.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2780.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5291

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10894
published_at	2026-04-21T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10897
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1095
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10951
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10918
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10895
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1076
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10773
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10797
published_at	2026-04-01T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10932
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10997
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10822
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5291

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1292159
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1292159

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2016/dsa-3730
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3730

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-90/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-90/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-93/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-93/

reference_url	http://www.securityfocus.com/bid/94336
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94336

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395065
reference_id	1395065
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395065

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5291

reference_id

CVE-2016-5291

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:N/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5291

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_url	https://access.redhat.com/errata/RHSA-2016:2780
reference_id	RHSA-2016:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2780

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5291

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-545u-wnrj-z3dh

url VCID-6cde-35h4-vqaj

vulnerability_id VCID-6cde-35h4-vqaj

summary An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9075

reference_id

reference_type

scores

value	0.02551
scoring_system	epss
scoring_elements	0.85417
published_at	2026-04-01T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85515
published_at	2026-04-21T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85495
published_at	2026-04-11T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85493
published_at	2026-04-12T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.8549
published_at	2026-04-13T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85513
published_at	2026-04-16T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85518
published_at	2026-04-18T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85429
published_at	2026-04-02T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85449
published_at	2026-04-04T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85452
published_at	2026-04-07T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85472
published_at	2026-04-08T12:55:00Z

value	0.02551
scoring_system	epss
scoring_elements	0.85481
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9075

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295324
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295324

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395101
reference_id	1395101
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395101

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9075

reference_id

CVE-2016-9075

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9075

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9075

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cde-35h4-vqaj

url VCID-6pk2-g77j-h3b2

vulnerability_id VCID-6pk2-g77j-h3b2

summary An integer overflow during the parsing of XML using the Expat library.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9063

reference_id

reference_type

scores

value	0.02427
scoring_system	epss
scoring_elements	0.85074
published_at	2026-04-01T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85165
published_at	2026-04-21T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85108
published_at	2026-04-07T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85129
published_at	2026-04-08T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85136
published_at	2026-04-09T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85151
published_at	2026-04-11T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85148
published_at	2026-04-12T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85145
published_at	2026-04-13T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85166
published_at	2026-04-16T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85167
published_at	2026-04-18T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85086
published_at	2026-04-02T12:55:00Z

value	0.02427
scoring_system	epss
scoring_elements	0.85104
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9063

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1274777
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1274777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3898
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3898

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	http://www.securitytracker.com/id/1039427
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039427

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396540
reference_id	1396540
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396540

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url	https://security.archlinux.org/ASA-201706-32
reference_id	ASA-201706-32
reference_type
scores
url	https://security.archlinux.org/ASA-201706-32

reference_url	https://security.archlinux.org/ASA-201707-27
reference_id	ASA-201707-27
reference_type
scores
url	https://security.archlinux.org/ASA-201707-27

reference_url

https://security.archlinux.org/AVG-305

reference_id

AVG-305

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-305

reference_url

https://security.archlinux.org/AVG-306

reference_id

AVG-306

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-306

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
reference_id	cpe:2.3:a:python:python::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9063

reference_id

CVE-2016-9063

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9063

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9063

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pk2-g77j-h3b2

url VCID-9gcq-8grt-vfhc

vulnerability_id VCID-9gcq-8grt-vfhc

summary A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9070

reference_id

reference_type

scores

value	0.00688
scoring_system	epss
scoring_elements	0.71692
published_at	2026-04-01T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71762
published_at	2026-04-21T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71765
published_at	2026-04-11T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71748
published_at	2026-04-12T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71731
published_at	2026-04-13T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71774
published_at	2026-04-16T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.7178
published_at	2026-04-18T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71699
published_at	2026-04-02T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71717
published_at	2026-04-04T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71691
published_at	2026-04-07T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71729
published_at	2026-04-08T12:55:00Z

value	0.00688
scoring_system	epss
scoring_elements	0.71741
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9070

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1281071
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1281071

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396549
reference_id	1396549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396549

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9070

reference_id

CVE-2016-9070

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9070

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9070

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gcq-8grt-vfhc

url VCID-9vy1-km8x-9fd3

vulnerability_id VCID-9vy1-km8x-9fd3

summary firefox: Heap use-after-free in nsINode::ReplaceOrInsertBefore

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9069.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9069.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9069

reference_id

reference_type

scores

value	0.00253
scoring_system	epss
scoring_elements	0.48549
published_at	2026-04-01T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48591
published_at	2026-04-02T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48614
published_at	2026-04-04T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48566
published_at	2026-04-07T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.4862
published_at	2026-04-21T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48616
published_at	2026-04-09T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48633
published_at	2026-04-11T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48607
published_at	2026-04-12T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48619
published_at	2026-04-13T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48669
published_at	2026-04-16T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48664
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9069

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396539
reference_id	1396539
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396539

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9069

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vy1-km8x-9fd3

url VCID-cqtb-7t8w-rug2

vulnerability_id VCID-cqtb-7t8w-rug2

summary A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5287.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5287.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5287

reference_id

reference_type

scores

value	0.00563
scoring_system	epss
scoring_elements	0.68295
published_at	2026-04-01T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68389
published_at	2026-04-21T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68393
published_at	2026-04-12T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.6836
published_at	2026-04-13T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68399
published_at	2026-04-16T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68411
published_at	2026-04-18T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68315
published_at	2026-04-02T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68335
published_at	2026-04-04T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68311
published_at	2026-04-07T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68362
published_at	2026-04-08T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68379
published_at	2026-04-09T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68405
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5287

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309823

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-87/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-87/

reference_url	http://www.securityfocus.com/bid/93811
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93811

reference_url	http://www.securitytracker.com/id/1037077
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037077

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1387586
reference_id	1387586
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1387586

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5287

reference_id

CVE-2016-5287

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5287

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-87

reference_id

mfsa2016-87

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-87

reference_url	https://usn.ubuntu.com/3111-1/
reference_id	USN-3111-1
reference_type
scores
url	https://usn.ubuntu.com/3111-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5287

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqtb-7t8w-rug2

url VCID-f8wd-xgwu-8kgm

vulnerability_id VCID-f8wd-xgwu-8kgm

summary Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9077

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38292
published_at	2026-04-01T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38295
published_at	2026-04-21T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38393
published_at	2026-04-11T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38356
published_at	2026-04-12T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38331
published_at	2026-04-13T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38379
published_at	2026-04-16T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38358
published_at	2026-04-18T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.3843
published_at	2026-04-02T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38454
published_at	2026-04-04T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38318
published_at	2026-04-07T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38368
published_at	2026-04-08T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38376
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9077

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1298552
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1298552

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395099
reference_id	1395099
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395099

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9077

reference_id

CVE-2016-9077

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9077

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9077

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8wd-xgwu-8kgm

url VCID-jvy8-w1m2-ayaw

vulnerability_id VCID-jvy8-w1m2-ayaw

summary A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9068

reference_id

reference_type

scores

value	0.01719
scoring_system	epss
scoring_elements	0.82321
published_at	2026-04-01T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82431
published_at	2026-04-21T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82375
published_at	2026-04-08T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82382
published_at	2026-04-09T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82401
published_at	2026-04-11T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82397
published_at	2026-04-12T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82392
published_at	2026-04-13T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82426
published_at	2026-04-18T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82335
published_at	2026-04-02T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82353
published_at	2026-04-04T12:55:00Z

value	0.01719
scoring_system	epss
scoring_elements	0.82348
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9068

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1302973
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1302973

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396542
reference_id	1396542
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396542

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9068

reference_id

CVE-2016-9068

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9068

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9068

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvy8-w1m2-ayaw

url VCID-mdpv-kcbb-9ubj

vulnerability_id VCID-mdpv-kcbb-9ubj

summary Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9071

reference_id

reference_type

scores

value	0.00259
scoring_system	epss
scoring_elements	0.49208
published_at	2026-04-01T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49279
published_at	2026-04-21T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49288
published_at	2026-04-11T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49261
published_at	2026-04-12T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49266
published_at	2026-04-13T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49313
published_at	2026-04-16T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.4931
published_at	2026-04-18T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49239
published_at	2026-04-02T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49267
published_at	2026-04-04T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49219
published_at	2026-04-07T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49273
published_at	2026-04-08T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49269
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9071

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1285003
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1285003

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395100
reference_id	1395100
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395100

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9071

reference_id

CVE-2016-9071

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9071

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9071

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdpv-kcbb-9ubj

url VCID-pybp-xzy7-q3a8

vulnerability_id VCID-pybp-xzy7-q3a8

summary Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9067

reference_id

reference_type

scores

value	0.01358
scoring_system	epss
scoring_elements	0.80097
published_at	2026-04-01T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80175
published_at	2026-04-21T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80147
published_at	2026-04-09T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80166
published_at	2026-04-11T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.8015
published_at	2026-04-12T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80142
published_at	2026-04-13T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80172
published_at	2026-04-18T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80104
published_at	2026-04-02T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80124
published_at	2026-04-04T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80112
published_at	2026-04-07T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.8014
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9067

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1301777
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1301777

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1308922
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1308922

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396539
reference_id	1396539
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396539

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9067

reference_id

CVE-2016-9067

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9067

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9067

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pybp-xzy7-q3a8

url VCID-qptm-f15t-57gj

vulnerability_id VCID-qptm-f15t-57gj

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2780.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2780.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2825.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2825.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5290

reference_id

reference_type

scores

value	0.01874
scoring_system	epss
scoring_elements	0.83158
published_at	2026-04-21T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83103
published_at	2026-04-08T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83111
published_at	2026-04-09T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83127
published_at	2026-04-11T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83121
published_at	2026-04-12T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83117
published_at	2026-04-13T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83154
published_at	2026-04-16T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83155
published_at	2026-04-18T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83051
published_at	2026-04-01T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83067
published_at	2026-04-02T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83081
published_at	2026-04-04T12:55:00Z

value	0.01874
scoring_system	epss
scoring_elements	0.83079
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5290

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2016/dsa-3730
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3730

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-90/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-90/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-93/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-93/

reference_url	http://www.securityfocus.com/bid/94335
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94335

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395066
reference_id	1395066
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395066

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5290

reference_id

CVE-2016-5290

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5290

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_url	https://access.redhat.com/errata/RHSA-2016:2780
reference_id	RHSA-2016:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2780

reference_url	https://access.redhat.com/errata/RHSA-2016:2825
reference_id	RHSA-2016:2825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2825

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5290

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qptm-f15t-57gj

url VCID-rz6b-kepf-cfg9

vulnerability_id VCID-rz6b-kepf-cfg9

summary Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5289

reference_id

reference_type

scores

value	0.01811
scoring_system	epss
scoring_elements	0.82765
published_at	2026-04-01T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82871
published_at	2026-04-21T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82822
published_at	2026-04-09T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82839
published_at	2026-04-11T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82834
published_at	2026-04-12T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.8283
published_at	2026-04-13T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82869
published_at	2026-04-18T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82781
published_at	2026-04-02T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82795
published_at	2026-04-04T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82791
published_at	2026-04-07T12:55:00Z

value	0.01811
scoring_system	epss
scoring_elements	0.82816
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5289

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395098
reference_id	1395098
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395098

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5289

reference_id

CVE-2016-5289

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5289

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5289

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6b-kepf-cfg9

url VCID-swmb-24y4-1kau

vulnerability_id VCID-swmb-24y4-1kau

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2780.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2780.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9064

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50819
published_at	2026-04-21T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50792
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50835
published_at	2026-04-11T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50811
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50796
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50834
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5084
published_at	2026-04-18T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50704
published_at	2026-04-01T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50758
published_at	2026-04-02T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50783
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50739
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50795
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9064

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1303418
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1303418

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-90/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-90/

reference_url	http://www.securityfocus.com/bid/94336
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94336

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395060
reference_id	1395060
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395060

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9064

reference_id

CVE-2016-9064

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9064

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url	https://access.redhat.com/errata/RHSA-2016:2780
reference_id	RHSA-2016:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2780

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9064

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swmb-24y4-1kau

url VCID-tgya-wnfn-t7eb

vulnerability_id VCID-tgya-wnfn-t7eb

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2780.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2780.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9066

reference_id

reference_type

scores

value	0.20609
scoring_system	epss
scoring_elements	0.95593
published_at	2026-04-21T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95568
published_at	2026-04-08T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95571
published_at	2026-04-09T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95575
published_at	2026-04-11T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95577
published_at	2026-04-12T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95578
published_at	2026-04-13T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95587
published_at	2026-04-16T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95592
published_at	2026-04-18T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95544
published_at	2026-04-01T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95553
published_at	2026-04-02T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95558
published_at	2026-04-04T12:55:00Z

value	0.20609
scoring_system	epss
scoring_elements	0.95561
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9066

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1299686
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1299686

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2016/dsa-3730
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3730

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-90/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-90/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-93/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-93/

reference_url	http://www.securityfocus.com/bid/94336
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94336

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395061
reference_id	1395061
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395061

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9066

reference_id

CVE-2016-9066

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9066

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_url	https://access.redhat.com/errata/RHSA-2016:2780
reference_id	RHSA-2016:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2780

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9066

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgya-wnfn-t7eb

url VCID-v28j-cvrw-p3c7

vulnerability_id VCID-v28j-cvrw-p3c7

summary WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9073

reference_id

reference_type

scores

value	0.00807
scoring_system	epss
scoring_elements	0.7412
published_at	2026-04-01T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74206
published_at	2026-04-21T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74192
published_at	2026-04-11T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74174
published_at	2026-04-12T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74167
published_at	2026-04-13T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74205
published_at	2026-04-16T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74214
published_at	2026-04-18T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74125
published_at	2026-04-02T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74151
published_at	2026-04-04T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74123
published_at	2026-04-07T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.74156
published_at	2026-04-08T12:55:00Z

value	0.00807
scoring_system	epss
scoring_elements	0.7417
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9073

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1289273
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1289273

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396545
reference_id	1396545
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396545

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9073

reference_id

CVE-2016-9073

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9073

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9073

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v28j-cvrw-p3c7

url VCID-yegk-sgdn-z3ae

vulnerability_id VCID-yegk-sgdn-z3ae

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2780.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2780.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5296

reference_id

reference_type

scores

value	0.0257
scoring_system	epss
scoring_elements	0.85565
published_at	2026-04-21T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85522
published_at	2026-04-08T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85531
published_at	2026-04-09T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85545
published_at	2026-04-11T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85544
published_at	2026-04-12T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.8554
published_at	2026-04-13T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85563
published_at	2026-04-16T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85569
published_at	2026-04-18T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85469
published_at	2026-04-01T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85481
published_at	2026-04-02T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85498
published_at	2026-04-04T12:55:00Z

value	0.0257
scoring_system	epss
scoring_elements	0.85502
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5296

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1292443
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1292443

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2016/dsa-3730
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3730

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-90/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-90/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-93/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-93/

reference_url	http://www.securityfocus.com/bid/94339
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94339

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395055
reference_id	1395055
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395055

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5296

reference_id

CVE-2016-5296

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5296

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_url	https://access.redhat.com/errata/RHSA-2016:2780
reference_id	RHSA-2016:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2780

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-5296

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yegk-sgdn-z3ae

url VCID-yy4z-p3f1-qbbc

vulnerability_id VCID-yy4z-p3f1-qbbc

summary An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9076

reference_id

reference_type

scores

value	0.00528
scoring_system	epss
scoring_elements	0.67067
published_at	2026-04-01T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67167
published_at	2026-04-21T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67183
published_at	2026-04-11T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67169
published_at	2026-04-12T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67139
published_at	2026-04-13T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67172
published_at	2026-04-16T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67186
published_at	2026-04-18T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67104
published_at	2026-04-02T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67127
published_at	2026-04-04T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67102
published_at	2026-04-07T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67152
published_at	2026-04-08T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67164
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9076

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1276976
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1276976

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-89/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-89/

reference_url	http://www.securityfocus.com/bid/94337
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94337

reference_url	http://www.securitytracker.com/id/1037298
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037298

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396537
reference_id	1396537
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396537

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9076

reference_id

CVE-2016-9076

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9076

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url	https://usn.ubuntu.com/3124-1/
reference_id	USN-3124-1
reference_type
scores
url	https://usn.ubuntu.com/3124-1/

fixed_packages

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@50.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2016-9076

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy4z-p3f1-qbbc

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid

Package Instance