Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@50.1.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 50.1.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 51.0-1

Latest_non_vulnerable_version 150.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1tcx-3zn1-ykdq

vulnerability_id VCID-1tcx-3zn1-ykdq

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9904

reference_id

reference_type

scores

value	0.01192
scoring_system	epss
scoring_elements	0.78896
published_at	2026-04-24T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78848
published_at	2026-04-09T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78871
published_at	2026-04-11T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78854
published_at	2026-04-12T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78845
published_at	2026-04-13T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78873
published_at	2026-04-16T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.7887
published_at	2026-04-18T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78868
published_at	2026-04-21T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78797
published_at	2026-04-01T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78804
published_at	2026-04-02T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78833
published_at	2026-04-04T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78816
published_at	2026-04-07T12:55:00Z

value	0.01192
scoring_system	epss
scoring_elements	0.78841
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9904

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317936

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404091
reference_id	1404091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404091

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9904

reference_id

CVE-2016-9904

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9904

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9904

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tcx-3zn1-ykdq

url VCID-2ptm-gx1p-uyhf

vulnerability_id VCID-2ptm-gx1p-uyhf

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9897

reference_id

reference_type

scores

value	0.0395
scoring_system	epss
scoring_elements	0.88381
published_at	2026-04-24T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88344
published_at	2026-04-08T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88351
published_at	2026-04-09T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88361
published_at	2026-04-11T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88353
published_at	2026-04-13T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88368
published_at	2026-04-16T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88365
published_at	2026-04-18T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88364
published_at	2026-04-21T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88298
published_at	2026-04-01T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88306
published_at	2026-04-02T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.8832
published_at	2026-04-04T12:55:00Z

value	0.0395
scoring_system	epss
scoring_elements	0.88325
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9897

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1301381
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1301381

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404087
reference_id	1404087
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404087

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
reference_id	cpe:2.3:a:mozilla:firefox_esr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9897

reference_id

CVE-2016-9897

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9897

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9897

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ptm-gx1p-uyhf

url VCID-2xe3-59tz-zbc3

vulnerability_id VCID-2xe3-59tz-zbc3

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9901.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9901.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9901

reference_id

reference_type

scores

value	0.0203
scoring_system	epss
scoring_elements	0.83857
published_at	2026-04-24T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83792
published_at	2026-04-09T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83808
published_at	2026-04-11T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83801
published_at	2026-04-12T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83797
published_at	2026-04-13T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83831
published_at	2026-04-18T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83832
published_at	2026-04-21T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83731
published_at	2026-04-01T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83744
published_at	2026-04-02T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83759
published_at	2026-04-04T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83762
published_at	2026-04-07T12:55:00Z

value	0.0203
scoring_system	epss
scoring_elements	0.83786
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9901

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320057

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404358
reference_id	1404358
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404358

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9901

reference_id

CVE-2016-9901

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9901

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9901

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xe3-59tz-zbc3

url VCID-4d2q-usge-77ft

vulnerability_id VCID-4d2q-usge-77ft

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9898

reference_id

reference_type

scores

value	0.02604
scoring_system	epss
scoring_elements	0.85668
published_at	2026-04-24T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85616
published_at	2026-04-09T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85629
published_at	2026-04-11T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85626
published_at	2026-04-12T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85622
published_at	2026-04-13T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85645
published_at	2026-04-16T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.8565
published_at	2026-04-18T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85647
published_at	2026-04-21T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.8555
published_at	2026-04-01T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85562
published_at	2026-04-02T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.8558
published_at	2026-04-04T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85585
published_at	2026-04-07T12:55:00Z

value	0.02604
scoring_system	epss
scoring_elements	0.85605
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9898

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1314442
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1314442

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404089
reference_id	1404089
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404089

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9898

reference_id

CVE-2016-9898

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9898

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9898

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d2q-usge-77ft

url VCID-5dyh-s3yd-vqes

vulnerability_id VCID-5dyh-s3yd-vqes

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9895

reference_id

reference_type

scores

value	0.00709
scoring_system	epss
scoring_elements	0.72291
published_at	2026-04-24T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72213
published_at	2026-04-09T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72236
published_at	2026-04-11T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.7222
published_at	2026-04-12T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72206
published_at	2026-04-13T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72249
published_at	2026-04-16T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72259
published_at	2026-04-18T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72246
published_at	2026-04-21T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72161
published_at	2026-04-01T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72166
published_at	2026-04-02T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72186
published_at	2026-04-04T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72164
published_at	2026-04-07T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72201
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9895

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1312272
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1312272

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404086
reference_id	1404086
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404086

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9895

reference_id

CVE-2016-9895

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9895

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9895

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5dyh-s3yd-vqes

url VCID-9fsb-vzuc-efc5

vulnerability_id VCID-9fsb-vzuc-efc5

summary A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9894

reference_id

reference_type

scores

value	0.01889
scoring_system	epss
scoring_elements	0.83243
published_at	2026-04-24T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83114
published_at	2026-04-01T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83185
published_at	2026-04-12T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83181
published_at	2026-04-13T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83217
published_at	2026-04-16T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83218
published_at	2026-04-18T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83221
published_at	2026-04-21T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83131
published_at	2026-04-02T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83144
published_at	2026-04-04T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83142
published_at	2026-04-07T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83167
published_at	2026-04-08T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83175
published_at	2026-04-09T12:55:00Z

value	0.01889
scoring_system	epss
scoring_elements	0.83191
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9894

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1306628
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1306628

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9894

reference_id

CVE-2016-9894

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9894

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9894

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fsb-vzuc-efc5

url VCID-fgnu-kh7z-xuau

vulnerability_id VCID-fgnu-kh7z-xuau

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9902.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9902

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61399
published_at	2026-04-24T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61421
published_at	2026-04-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61406
published_at	2026-04-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61387
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61425
published_at	2026-04-16T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61429
published_at	2026-04-18T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61412
published_at	2026-04-21T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61259
published_at	2026-04-01T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61339
published_at	2026-04-02T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61368
published_at	2026-04-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61338
published_at	2026-04-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61384
published_at	2026-04-08T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.614
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9902

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320039
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1320039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404359
reference_id	1404359
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404359

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9902

reference_id

CVE-2016-9902

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9902

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9902

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fgnu-kh7z-xuau

url VCID-gqhc-h5p7-dyh1

vulnerability_id VCID-gqhc-h5p7-dyh1

summary Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9903

reference_id

reference_type

scores

value	0.0071
scoring_system	epss
scoring_elements	0.72296
published_at	2026-04-24T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72165
published_at	2026-04-01T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72225
published_at	2026-04-12T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72211
published_at	2026-04-13T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72254
published_at	2026-04-16T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72264
published_at	2026-04-18T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.7225
published_at	2026-04-21T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72171
published_at	2026-04-02T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72191
published_at	2026-04-04T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72169
published_at	2026-04-07T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72206
published_at	2026-04-08T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72218
published_at	2026-04-09T12:55:00Z

value	0.0071
scoring_system	epss
scoring_elements	0.72241
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9903

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315435
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315435

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	0
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:M/C:N/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9903

reference_id

CVE-2016-9903

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9903

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9903

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqhc-h5p7-dyh1

url VCID-m5pb-75ag-tfep

vulnerability_id VCID-m5pb-75ag-tfep

summary Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.*

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9896

reference_id

reference_type

scores

value	0.01539
scoring_system	epss
scoring_elements	0.81422
published_at	2026-04-24T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81299
published_at	2026-04-01T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81384
published_at	2026-04-11T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81369
published_at	2026-04-12T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81361
published_at	2026-04-13T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81399
published_at	2026-04-16T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.814
published_at	2026-04-21T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81308
published_at	2026-04-02T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.8133
published_at	2026-04-04T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81329
published_at	2026-04-07T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81358
published_at	2026-04-08T12:55:00Z

value	0.01539
scoring_system	epss
scoring_elements	0.81363
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9896

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315543
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1315543

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9896

reference_id

CVE-2016-9896

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9896

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9896

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5pb-75ag-tfep

url VCID-pbrt-gcqj-kycv

vulnerability_id VCID-pbrt-gcqj-kycv

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9900

reference_id

reference_type

scores

value	0.01011
scoring_system	epss
scoring_elements	0.77177
published_at	2026-04-24T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77107
published_at	2026-04-09T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77135
published_at	2026-04-11T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77114
published_at	2026-04-12T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77109
published_at	2026-04-13T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77149
published_at	2026-04-16T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77151
published_at	2026-04-18T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77142
published_at	2026-04-21T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77049
published_at	2026-04-01T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77055
published_at	2026-04-02T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77083
published_at	2026-04-04T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77065
published_at	2026-04-07T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77097
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9900

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319122
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1319122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404090
reference_id	1404090
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404090

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9900

reference_id

CVE-2016-9900

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9900

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9900

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbrt-gcqj-kycv

url VCID-qu91-vc1p-dyb1

vulnerability_id VCID-qu91-vc1p-dyb1

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9899

reference_id

reference_type

scores

value	0.36421
scoring_system	epss
scoring_elements	0.97134
published_at	2026-04-24T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97102
published_at	2026-04-07T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97112
published_at	2026-04-09T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97116
published_at	2026-04-11T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97117
published_at	2026-04-12T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97118
published_at	2026-04-13T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97126
published_at	2026-04-16T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97129
published_at	2026-04-18T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97089
published_at	2026-04-01T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97096
published_at	2026-04-02T12:55:00Z

value	0.36421
scoring_system	epss
scoring_elements	0.97101
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9899

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317409
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1317409

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.exploit-db.com/exploits/41042/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/41042/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404083
reference_id	1404083
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404083

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html
reference_id	CVE-2016-9899
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9899

reference_id

CVE-2016-9899

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9899

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9899

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qu91-vc1p-dyb1

url VCID-wffz-7y83-qkbm

vulnerability_id VCID-wffz-7y83-qkbm

summary Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9080

reference_id

reference_type

scores

value	0.01847
scoring_system	epss
scoring_elements	0.83047
published_at	2026-04-24T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82917
published_at	2026-04-01T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82991
published_at	2026-04-11T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82985
published_at	2026-04-12T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82981
published_at	2026-04-13T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.8302
published_at	2026-04-18T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.83024
published_at	2026-04-21T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82934
published_at	2026-04-02T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82946
published_at	2026-04-04T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82943
published_at	2026-04-07T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82968
published_at	2026-04-08T12:55:00Z

value	0.01847
scoring_system	epss
scoring_elements	0.82975
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9080

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1289701%2C1314401%2C1315848
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1289701%2C1314401%2C1315848

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	http://www.securityfocus.com/bid/94883
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94883

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9080

reference_id

CVE-2016-9080

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9080

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9080

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wffz-7y83-qkbm

url VCID-ysg5-wc3n-fbgw

vulnerability_id VCID-ysg5-wc3n-fbgw

summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2946.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2946.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2973.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2973.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9893

reference_id

reference_type

scores

value	0.02683
scoring_system	epss
scoring_elements	0.85887
published_at	2026-04-24T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85842
published_at	2026-04-09T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85856
published_at	2026-04-11T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85853
published_at	2026-04-12T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85849
published_at	2026-04-13T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85868
published_at	2026-04-16T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85873
published_at	2026-04-18T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85866
published_at	2026-04-21T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85776
published_at	2026-04-01T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85789
published_at	2026-04-02T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85807
published_at	2026-04-04T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85813
published_at	2026-04-07T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85831
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9893

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2017/dsa-3757
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-3757

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-94/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-94/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-95/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-95/

reference_url	https://www.mozilla.org/security/advisories/mfsa2016-96/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2016-96/

reference_url	http://www.securityfocus.com/bid/94885
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94885

reference_url	http://www.securitytracker.com/id/1037461
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037461

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404096
reference_id	1404096
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404096

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9893

reference_id

CVE-2016-9893

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9893

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_id

mfsa2016-96

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-96

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

reference_url	https://usn.ubuntu.com/3165-1/
reference_id	USN-3165-1
reference_type
scores
url	https://usn.ubuntu.com/3165-1/

fixed_packages

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

aliases CVE-2016-9893

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysg5-wc3n-fbgw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

Package Instance