Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@51.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 51.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 52.0-1

Latest_non_vulnerable_version 149.0.2-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4z19-eyh7-9yf4

vulnerability_id VCID-4z19-eyh7-9yf4

summary The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5387

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31897
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31895
published_at	2026-04-01T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31938
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31967
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31971
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31931
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32022
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32063
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31886
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5387

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295023
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295023

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5387

reference_id

CVE-2017-5387

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:N/I:P/A:N

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5387

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5387

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z19-eyh7-9yf4

url VCID-5n3q-eby7-67de

vulnerability_id VCID-5n3q-eby7-67de

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5373.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5373.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5373

reference_id

reference_type

scores

value	0.01799
scoring_system	epss
scoring_elements	0.82819
published_at	2026-04-16T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82781
published_at	2026-04-13T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82714
published_at	2026-04-01T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82785
published_at	2026-04-12T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.8279
published_at	2026-04-11T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82774
published_at	2026-04-09T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82767
published_at	2026-04-08T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82741
published_at	2026-04-07T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82744
published_at	2026-04-04T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.8273
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5373

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95762
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95762

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1415924
reference_id	1415924
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1415924

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5373

reference_id

CVE-2017-5373

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5373

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5373

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n3q-eby7-67de

url VCID-84kk-wfxx-t3c8

vulnerability_id VCID-84kk-wfxx-t3c8

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5380.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5380.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5380

reference_id

reference_type

scores

value	0.01799
scoring_system	epss
scoring_elements	0.82819
published_at	2026-04-16T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82781
published_at	2026-04-13T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82714
published_at	2026-04-01T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82785
published_at	2026-04-12T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.8279
published_at	2026-04-11T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82774
published_at	2026-04-09T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82767
published_at	2026-04-08T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82741
published_at	2026-04-07T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82744
published_at	2026-04-04T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.8273
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5380

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1322107
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1322107

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95769

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416274
reference_id	1416274
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416274

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5380

reference_id

CVE-2017-5380

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5380

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5380

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84kk-wfxx-t3c8

url VCID-af6b-4jqc-fugx

vulnerability_id VCID-af6b-4jqc-fugx

summary The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5393

reference_id

reference_type

scores

value	0.00466
scoring_system	epss
scoring_elements	0.64435
published_at	2026-04-16T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64322
published_at	2026-04-01T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64414
published_at	2026-04-08T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64429
published_at	2026-04-12T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64442
published_at	2026-04-11T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64401
published_at	2026-04-13T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64376
published_at	2026-04-02T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64405
published_at	2026-04-04T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64366
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5393

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309282
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309282

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5393

reference_id

CVE-2017-5393

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5393

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5393

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-af6b-4jqc-fugx

url VCID-ahzr-nr7g-5ue2

vulnerability_id VCID-ahzr-nr7g-5ue2

summary A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5388

reference_id

reference_type

scores

value	0.0128
scoring_system	epss
scoring_elements	0.79605
published_at	2026-04-16T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79526
published_at	2026-04-01T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79578
published_at	2026-04-09T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79599
published_at	2026-04-11T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79583
published_at	2026-04-12T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79575
published_at	2026-04-13T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79532
published_at	2026-04-02T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79555
published_at	2026-04-04T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.79542
published_at	2026-04-07T12:55:00Z

value	0.0128
scoring_system	epss
scoring_elements	0.7957
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5388

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1281482
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1281482

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5388

reference_id

CVE-2017-5388

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5388

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5388

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahzr-nr7g-5ue2

url VCID-bjyq-1zfk-eugq

vulnerability_id VCID-bjyq-1zfk-eugq

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5383.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5383.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5383

reference_id

reference_type

scores

value	0.02444
scoring_system	epss
scoring_elements	0.85206
published_at	2026-04-16T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85185
published_at	2026-04-13T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85113
published_at	2026-04-01T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85188
published_at	2026-04-12T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.8519
published_at	2026-04-11T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85176
published_at	2026-04-09T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85168
published_at	2026-04-08T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85146
published_at	2026-04-07T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85143
published_at	2026-04-04T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85126
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5383

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1323338
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1323338

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1324716
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1324716

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95769

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416281
reference_id	1416281
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416281

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5383

reference_id

CVE-2017-5383

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5383

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5383

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjyq-1zfk-eugq

url VCID-c8p3-ef58-wudt

vulnerability_id VCID-c8p3-ef58-wudt

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5376.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5376.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5376

reference_id

reference_type

scores

value	0.01799
scoring_system	epss
scoring_elements	0.82819
published_at	2026-04-16T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82781
published_at	2026-04-13T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82714
published_at	2026-04-01T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82785
published_at	2026-04-12T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.8279
published_at	2026-04-11T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82774
published_at	2026-04-09T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82767
published_at	2026-04-08T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82741
published_at	2026-04-07T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.82744
published_at	2026-04-04T12:55:00Z

value	0.01799
scoring_system	epss
scoring_elements	0.8273
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5376

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1311687
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1311687

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95758
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95758

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416272
reference_id	1416272
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416272

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5376

reference_id

CVE-2017-5376

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5376

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5376

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8p3-ef58-wudt

url VCID-dv2d-9a59-xkaq

vulnerability_id VCID-dv2d-9a59-xkaq

summary Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5384

reference_id

reference_type

scores

value	0.00764
scoring_system	epss
scoring_elements	0.73463
published_at	2026-04-16T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.7337
published_at	2026-04-01T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73425
published_at	2026-04-09T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73448
published_at	2026-04-11T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73428
published_at	2026-04-12T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.7342
published_at	2026-04-13T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73378
published_at	2026-04-02T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73402
published_at	2026-04-04T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73374
published_at	2026-04-07T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73411
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5384

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1255474
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1255474

reference_url	https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/
reference_id
reference_type
scores
url	https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5384

reference_id

CVE-2017-5384

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5384

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5384

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dv2d-9a59-xkaq

url VCID-e2ww-ngam-cugq

vulnerability_id VCID-e2ww-ngam-cugq

summary The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5381

reference_id

reference_type

scores

value	0.01264
scoring_system	epss
scoring_elements	0.79471
published_at	2026-04-16T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79392
published_at	2026-04-01T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79445
published_at	2026-04-09T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79468
published_at	2026-04-11T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79452
published_at	2026-04-12T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79441
published_at	2026-04-13T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79399
published_at	2026-04-02T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79421
published_at	2026-04-04T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79408
published_at	2026-04-07T12:55:00Z

value	0.01264
scoring_system	epss
scoring_elements	0.79436
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5381

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1017616
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1017616

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5381

reference_id

CVE-2017-5381

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5381

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5381

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2ww-ngam-cugq

url VCID-gcen-3yba-a3ht

vulnerability_id VCID-gcen-3yba-a3ht

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5375.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5375.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5375

reference_id

reference_type

scores

value	0.60738
scoring_system	epss
scoring_elements	0.983
published_at	2026-04-16T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.98294
published_at	2026-04-13T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.98279
published_at	2026-04-01T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.98285
published_at	2026-04-07T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.98289
published_at	2026-04-08T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.98281
published_at	2026-04-02T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.98284
published_at	2026-04-04T12:55:00Z

value	0.60738
scoring_system	epss
scoring_elements	0.9829
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5375

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1325200
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1325200

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.exploit-db.com/exploits/42327/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/42327/

reference_url	https://www.exploit-db.com/exploits/44293/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44293/

reference_url	https://www.exploit-db.com/exploits/44294/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44294/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95757
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95757

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416271
reference_id	1416271
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416271

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5375

reference_id

CVE-2017-5375

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5375

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5375

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcen-3yba-a3ht

url VCID-hhtb-ha1v-tffj

vulnerability_id VCID-hhtb-ha1v-tffj

summary A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5377

reference_id

reference_type

scores

value	0.01847
scoring_system	epss
scoring_elements	0.8302
published_at	2026-04-16T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82917
published_at	2026-04-01T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82975
published_at	2026-04-09T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82991
published_at	2026-04-11T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82985
published_at	2026-04-12T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82981
published_at	2026-04-13T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82934
published_at	2026-04-02T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82946
published_at	2026-04-04T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82943
published_at	2026-04-07T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82968
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5377

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1306883
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1306883

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95761
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95761

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5377

reference_id

CVE-2017-5377

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5377

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5377

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhtb-ha1v-tffj

url VCID-htpg-t39z-nbex

vulnerability_id VCID-htpg-t39z-nbex

summary Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5379

reference_id

reference_type

scores

value	0.01753
scoring_system	epss
scoring_elements	0.82607
published_at	2026-04-16T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82505
published_at	2026-04-01T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82565
published_at	2026-04-09T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82583
published_at	2026-04-11T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82577
published_at	2026-04-12T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82571
published_at	2026-04-13T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82519
published_at	2026-04-02T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82534
published_at	2026-04-04T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82531
published_at	2026-04-07T12:55:00Z

value	0.01753
scoring_system	epss
scoring_elements	0.82557
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5379

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309198
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309198

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5379

reference_id

CVE-2017-5379

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5379

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5379

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htpg-t39z-nbex

url VCID-hyhc-qud7-6uax

vulnerability_id VCID-hyhc-qud7-6uax

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5396.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5396.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5396

reference_id

reference_type

scores

value	0.01838
scoring_system	epss
scoring_elements	0.82982
published_at	2026-04-16T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82943
published_at	2026-04-13T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82878
published_at	2026-04-01T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82947
published_at	2026-04-12T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82952
published_at	2026-04-11T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82936
published_at	2026-04-09T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82929
published_at	2026-04-08T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82904
published_at	2026-04-07T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82907
published_at	2026-04-04T12:55:00Z

value	0.01838
scoring_system	epss
scoring_elements	0.82895
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5396

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1329403
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1329403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95769

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416280
reference_id	1416280
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416280

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5396

reference_id

CVE-2017-5396

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5396

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5396

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyhc-qud7-6uax

url VCID-m59v-ygc2-qucg

vulnerability_id VCID-m59v-ygc2-qucg

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5378

reference_id

reference_type

scores

value	0.01705
scoring_system	epss
scoring_elements	0.82344
published_at	2026-04-16T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.8231
published_at	2026-04-13T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82241
published_at	2026-04-01T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82315
published_at	2026-04-12T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82322
published_at	2026-04-11T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82302
published_at	2026-04-09T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82295
published_at	2026-04-08T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82268
published_at	2026-04-07T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82273
published_at	2026-04-04T12:55:00Z

value	0.01705
scoring_system	epss
scoring_elements	0.82254
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5378

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1312001

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1330769
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1330769

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95769

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416273
reference_id	1416273
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416273

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5378

reference_id

CVE-2017-5378

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5378

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5378

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m59v-ygc2-qucg

url VCID-qjs9-h3tt-qucf

vulnerability_id VCID-qjs9-h3tt-qucf

summary Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5391

reference_id

reference_type

scores

value	0.02446
scoring_system	epss
scoring_elements	0.85212
published_at	2026-04-16T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85119
published_at	2026-04-01T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85182
published_at	2026-04-09T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85196
published_at	2026-04-11T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85194
published_at	2026-04-12T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85191
published_at	2026-04-13T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85132
published_at	2026-04-02T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85149
published_at	2026-04-04T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85152
published_at	2026-04-07T12:55:00Z

value	0.02446
scoring_system	epss
scoring_elements	0.85174
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5391

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309310
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1309310

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5391

reference_id

CVE-2017-5391

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5391

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5391

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjs9-h3tt-qucf

url VCID-r34s-64j2-dfff

vulnerability_id VCID-r34s-64j2-dfff

summary Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5382

reference_id

reference_type

scores

value	0.00957
scoring_system	epss
scoring_elements	0.76486
published_at	2026-04-16T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76388
published_at	2026-04-01T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76448
published_at	2026-04-09T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76473
published_at	2026-04-11T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76451
published_at	2026-04-12T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76446
published_at	2026-04-13T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76392
published_at	2026-04-02T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.7642
published_at	2026-04-04T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76402
published_at	2026-04-07T12:55:00Z

value	0.00957
scoring_system	epss
scoring_elements	0.76434
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5382

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295322

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5382

reference_id

CVE-2017-5382

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5382

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5382

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r34s-64j2-dfff

url VCID-r7te-y4n3-1uhj

vulnerability_id VCID-r7te-y4n3-1uhj

summary Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5385

reference_id

reference_type

scores

value	0.00947
scoring_system	epss
scoring_elements	0.7637
published_at	2026-04-16T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76269
published_at	2026-04-01T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76329
published_at	2026-04-09T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76356
published_at	2026-04-11T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76334
published_at	2026-04-12T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.7633
published_at	2026-04-13T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76273
published_at	2026-04-02T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76303
published_at	2026-04-04T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76283
published_at	2026-04-07T12:55:00Z

value	0.00947
scoring_system	epss
scoring_elements	0.76316
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5385

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295945
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1295945

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5385

reference_id

CVE-2017-5385

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5385

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5385

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7te-y4n3-1uhj

url VCID-tjjd-y1pq-ckf4

vulnerability_id VCID-tjjd-y1pq-ckf4

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0238.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0238.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5390.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5390.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5390

reference_id

reference_type

scores

value	0.01748
scoring_system	epss
scoring_elements	0.82581
published_at	2026-04-16T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82545
published_at	2026-04-13T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82473
published_at	2026-04-01T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82549
published_at	2026-04-12T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82554
published_at	2026-04-11T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82536
published_at	2026-04-09T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82528
published_at	2026-04-08T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82501
published_at	2026-04-07T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82505
published_at	2026-04-04T12:55:00Z

value	0.01748
scoring_system	epss
scoring_elements	0.82487
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5390

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1297361
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1297361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.debian.org/security/2017/dsa-3832
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3832

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-03/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-03/

reference_url	http://www.securityfocus.com/bid/95769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95769

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416279
reference_id	1416279
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416279

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url	https://security.archlinux.org/ASA-201701-40
reference_id	ASA-201701-40
reference_type
scores
url	https://security.archlinux.org/ASA-201701-40

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url

https://security.archlinux.org/AVG-158

reference_id

AVG-158

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5390

reference_id

CVE-2017-5390

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5390

reference_url	https://security.gentoo.org/glsa/201702-13
reference_id	GLSA-201702-13
reference_type
scores
url	https://security.gentoo.org/glsa/201702-13

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_id

mfsa2017-03

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://access.redhat.com/errata/RHSA-2017:0238
reference_id	RHSA-2017:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0238

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5390

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjjd-y1pq-ckf4

url VCID-u1nc-fgsw-mkhc

vulnerability_id VCID-u1nc-fgsw-mkhc

summary Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5374

reference_id

reference_type

scores

value	0.01847
scoring_system	epss
scoring_elements	0.8302
published_at	2026-04-16T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82917
published_at	2026-04-01T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82975
published_at	2026-04-09T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82991
published_at	2026-04-11T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82985
published_at	2026-04-12T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82981
published_at	2026-04-13T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82934
published_at	2026-04-02T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82946
published_at	2026-04-04T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82943
published_at	2026-04-07T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82968
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5374

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1325344%2C1317501%2C1311319%2C1329989%2C1300145%2C1322305%2C1288561%2C1295747%2C1318766%2C1297808%2C1321374%2C1324810%2C1313385%2C1319888%2C1302231%2C1307458%2C1293327%2C1315447%2C1319456
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1325344%2C1317501%2C1311319%2C1329989%2C1300145%2C1322305%2C1288561%2C1295747%2C1318766%2C1297808%2C1321374%2C1324810%2C1313385%2C1319888%2C1302231%2C1307458%2C1293327%2C1315447%2C1319456

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95759
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95759

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5374

reference_id

CVE-2017-5374

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5374

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5374

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1nc-fgsw-mkhc

url VCID-vnuz-wp96-pqgt

vulnerability_id VCID-vnuz-wp96-pqgt

summary WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5389

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59111
published_at	2026-04-16T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.58975
published_at	2026-04-01T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59088
published_at	2026-04-08T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59094
published_at	2026-04-12T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59112
published_at	2026-04-11T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59075
published_at	2026-04-13T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.5905
published_at	2026-04-02T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59072
published_at	2026-04-04T12:55:00Z

value	0.00374
scoring_system	epss
scoring_elements	0.59037
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5389

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1308688
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1308688

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	http://www.securityfocus.com/bid/95763
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95763

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5389

reference_id

CVE-2017-5389

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5389

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5389

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnuz-wp96-pqgt

url VCID-vtwg-jhr9-nydc

vulnerability_id VCID-vtwg-jhr9-nydc

summary

Multiple vulnerabilities have been found in Mozilla Firefox, the
    worst of which may allow execution of arbitrary code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2017-0190.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2017-0190.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5386.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5386

reference_id

reference_type

scores

value	0.01186
scoring_system	epss
scoring_elements	0.7882
published_at	2026-04-16T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78762
published_at	2026-04-07T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78787
published_at	2026-04-08T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78795
published_at	2026-04-09T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78818
published_at	2026-04-11T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78801
published_at	2026-04-12T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78792
published_at	2026-04-13T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78741
published_at	2026-04-01T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.78748
published_at	2026-04-02T12:55:00Z

value	0.01186
scoring_system	epss
scoring_elements	0.7878
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5386

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319070
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319070

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3771
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3771

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-01/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-01/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-02/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-02/

reference_url	http://www.securityfocus.com/bid/95769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95769

reference_url	http://www.securitytracker.com/id/1037693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1416282
reference_id	1416282
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1416282

reference_url	https://security.archlinux.org/ASA-201701-39
reference_id	ASA-201701-39
reference_type
scores
url	https://security.archlinux.org/ASA-201701-39

reference_url

https://security.archlinux.org/AVG-157

reference_id

AVG-157

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5386

reference_id

CVE-2017-5386

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5386

reference_url	https://security.gentoo.org/glsa/201702-22
reference_id	GLSA-201702-22
reference_type
scores
url	https://security.gentoo.org/glsa/201702-22

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_id

mfsa2017-01

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_id

mfsa2017-02

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02

reference_url	https://access.redhat.com/errata/RHSA-2017:0190
reference_id	RHSA-2017:0190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0190

reference_url	https://usn.ubuntu.com/3175-1/
reference_id	USN-3175-1
reference_type
scores
url	https://usn.ubuntu.com/3175-1/

fixed_packages

url	pkg:deb/debian/firefox@51.0-1?distro=sid
purl	pkg:deb/debian/firefox@51.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-5386

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtwg-jhr9-nydc

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@51.0-1%3Fdistro=sid

Package Instance