Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox@57.0-1?distro=sid

Type deb

Namespace debian

Name firefox

Version 57.0-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 57.0.1-1

Latest_non_vulnerable_version 149.0.2-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2xza-hhmr-5ybw

vulnerability_id VCID-2xza-hhmr-5ybw

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7826.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7826.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7826

reference_id

reference_type

scores

value	0.02383
scoring_system	epss
scoring_elements	0.85021
published_at	2026-04-21T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.84956
published_at	2026-04-04T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.84961
published_at	2026-04-07T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.84984
published_at	2026-04-08T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.84991
published_at	2026-04-09T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.85006
published_at	2026-04-11T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.85005
published_at	2026-04-12T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.85001
published_at	2026-04-13T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.85022
published_at	2026-04-16T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.85024
published_at	2026-04-18T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.84923
published_at	2026-04-01T12:55:00Z

value	0.02383
scoring_system	epss
scoring_elements	0.84939
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7826

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html

reference_url	https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html

reference_url	https://www.debian.org/security/2017/dsa-4035
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4035

reference_url	https://www.debian.org/security/2017/dsa-4061
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4061

reference_url	https://www.debian.org/security/2017/dsa-4075
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4075

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-25/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-25/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-26/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1513308
reference_id	1513308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1513308

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url	https://security.archlinux.org/ASA-201711-43
reference_id	ASA-201711-43
reference_type
scores
url	https://security.archlinux.org/ASA-201711-43

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url

https://security.archlinux.org/AVG-530

reference_id

AVG-530

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-530

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7826

reference_id

CVE-2017-7826

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7826

reference_url	https://security.gentoo.org/glsa/201803-14
reference_id	GLSA-201803-14
reference_type
scores
url	https://security.gentoo.org/glsa/201803-14

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25

reference_id

mfsa2017-25

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-26

reference_id

mfsa2017-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-26

reference_url	https://access.redhat.com/errata/RHSA-2017:3247
reference_id	RHSA-2017:3247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3247

reference_url	https://access.redhat.com/errata/RHSA-2017:3372
reference_id	RHSA-2017:3372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3372

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

reference_url	https://usn.ubuntu.com/3490-1/
reference_id	USN-3490-1
reference_type
scores
url	https://usn.ubuntu.com/3490-1/

reference_url	https://usn.ubuntu.com/3688-1/
reference_id	USN-3688-1
reference_type
scores
url	https://usn.ubuntu.com/3688-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7826

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xza-hhmr-5ybw

url VCID-4437-azu7-hyhb

vulnerability_id VCID-4437-azu7-hyhb

summary Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7833

reference_id

reference_type

scores

value	0.01072
scoring_system	epss
scoring_elements	0.77778
published_at	2026-04-21T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.7769
published_at	2026-04-01T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.7775
published_at	2026-04-12T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77749
published_at	2026-04-13T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77786
published_at	2026-04-16T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77785
published_at	2026-04-18T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77697
published_at	2026-04-02T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77724
published_at	2026-04-04T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77707
published_at	2026-04-07T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77735
published_at	2026-04-08T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.7774
published_at	2026-04-09T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77766
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7833

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1370497
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1370497

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7833

reference_id

CVE-2017-7833

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7833

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7833

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4437-azu7-hyhb

url VCID-6a4w-c6p8-affn

vulnerability_id VCID-6a4w-c6p8-affn

summary Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7839

reference_id

reference_type

scores

value	0.00633
scoring_system	epss
scoring_elements	0.70375
published_at	2026-04-21T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.7028
published_at	2026-04-01T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70356
published_at	2026-04-12T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70342
published_at	2026-04-13T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70385
published_at	2026-04-16T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70395
published_at	2026-04-18T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70293
published_at	2026-04-02T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.7031
published_at	2026-04-04T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70288
published_at	2026-04-07T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70333
published_at	2026-04-08T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70348
published_at	2026-04-09T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70371
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7839

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1402896
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1402896

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7839

reference_id

CVE-2017-7839

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7839

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7839

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6a4w-c6p8-affn

url VCID-7xac-5zdj-9fgk

vulnerability_id VCID-7xac-5zdj-9fgk

summary Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7827

reference_id

reference_type

scores

value	0.02127
scoring_system	epss
scoring_elements	0.84173
published_at	2026-04-11T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84094
published_at	2026-04-01T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84185
published_at	2026-04-16T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84162
published_at	2026-04-13T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84167
published_at	2026-04-12T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84107
published_at	2026-04-02T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84124
published_at	2026-04-04T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84127
published_at	2026-04-07T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84149
published_at	2026-04-08T12:55:00Z

value	0.02127
scoring_system	epss
scoring_elements	0.84155
published_at	2026-04-09T12:55:00Z

value	0.02566
scoring_system	epss
scoring_elements	0.85557
published_at	2026-04-21T12:55:00Z

value	0.02566
scoring_system	epss
scoring_elements	0.85561
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7827

reference_url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7827

reference_id

CVE-2017-7827

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7827

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7827

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xac-5zdj-9fgk

url VCID-bk86-keag-kfg8

vulnerability_id VCID-bk86-keag-kfg8

summary Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7835

reference_id

reference_type

scores

value	0.00662
scoring_system	epss
scoring_elements	0.71178
published_at	2026-04-21T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71099
published_at	2026-04-01T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71164
published_at	2026-04-12T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71147
published_at	2026-04-13T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71193
published_at	2026-04-16T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.712
published_at	2026-04-18T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71108
published_at	2026-04-02T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71126
published_at	2026-04-04T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71101
published_at	2026-04-07T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71143
published_at	2026-04-08T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71155
published_at	2026-04-09T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71179
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7835

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1402363
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1402363

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7835

reference_id

CVE-2017-7835

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7835

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7835

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk86-keag-kfg8

url VCID-dhyh-m8p3-ebdq

vulnerability_id VCID-dhyh-m8p3-ebdq

summary SVG loaded through <img> tags can use <meta> tags within the SVG data to set cookies for that page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7837

reference_id

reference_type

scores

value	0.00981
scoring_system	epss
scoring_elements	0.76814
published_at	2026-04-21T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76719
published_at	2026-04-01T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76784
published_at	2026-04-12T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76776
published_at	2026-04-13T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76817
published_at	2026-04-16T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76822
published_at	2026-04-18T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76722
published_at	2026-04-02T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76751
published_at	2026-04-04T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76733
published_at	2026-04-07T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76764
published_at	2026-04-08T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76775
published_at	2026-04-09T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76804
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7837

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1325923
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1325923

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7837

reference_id

CVE-2017-7837

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7837

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7837

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhyh-m8p3-ebdq

url VCID-e4pk-uyeh-xfgk

vulnerability_id VCID-e4pk-uyeh-xfgk

summary The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7832

reference_id

reference_type

scores

value	0.00981
scoring_system	epss
scoring_elements	0.76814
published_at	2026-04-21T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76719
published_at	2026-04-01T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76784
published_at	2026-04-12T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76776
published_at	2026-04-13T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76817
published_at	2026-04-16T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76822
published_at	2026-04-18T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76722
published_at	2026-04-02T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76751
published_at	2026-04-04T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76733
published_at	2026-04-07T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76764
published_at	2026-04-08T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76775
published_at	2026-04-09T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76804
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7832

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1408782
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1408782

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7832

reference_id

CVE-2017-7832

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7832

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7832

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4pk-uyeh-xfgk

url VCID-ebzs-h9p8-tbb4

vulnerability_id VCID-ebzs-h9p8-tbb4

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7830

reference_id

reference_type

scores

value	0.00862
scoring_system	epss
scoring_elements	0.75091
published_at	2026-04-21T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75043
published_at	2026-04-04T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75019
published_at	2026-04-07T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75053
published_at	2026-04-08T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75065
published_at	2026-04-09T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75087
published_at	2026-04-11T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75066
published_at	2026-04-12T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75056
published_at	2026-04-13T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75093
published_at	2026-04-16T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75101
published_at	2026-04-18T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75012
published_at	2026-04-01T12:55:00Z

value	0.00862
scoring_system	epss
scoring_elements	0.75014
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7830

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1408990
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1408990

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html

reference_url	https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html

reference_url	https://www.debian.org/security/2017/dsa-4035
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4035

reference_url	https://www.debian.org/security/2017/dsa-4061
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4061

reference_url	https://www.debian.org/security/2017/dsa-4075
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4075

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-25/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-25/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-26/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1513311
reference_id	1513311
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1513311

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url	https://security.archlinux.org/ASA-201711-43
reference_id	ASA-201711-43
reference_type
scores
url	https://security.archlinux.org/ASA-201711-43

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url

https://security.archlinux.org/AVG-530

reference_id

AVG-530

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-530

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7830

reference_id

CVE-2017-7830

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7830

reference_url	https://security.gentoo.org/glsa/201803-14
reference_id	GLSA-201803-14
reference_type
scores
url	https://security.gentoo.org/glsa/201803-14

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25

reference_id

mfsa2017-25

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-26

reference_id

mfsa2017-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-26

reference_url	https://access.redhat.com/errata/RHSA-2017:3247
reference_id	RHSA-2017:3247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3247

reference_url	https://access.redhat.com/errata/RHSA-2017:3372
reference_id	RHSA-2017:3372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3372

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

reference_url	https://usn.ubuntu.com/3490-1/
reference_id	USN-3490-1
reference_type
scores
url	https://usn.ubuntu.com/3490-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7830

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebzs-h9p8-tbb4

url VCID-gkrs-1aat-efhf

vulnerability_id VCID-gkrs-1aat-efhf

summary A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7834

reference_id

reference_type

scores

value	0.00984
scoring_system	epss
scoring_elements	0.76845
published_at	2026-04-21T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76748
published_at	2026-04-01T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76812
published_at	2026-04-12T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76806
published_at	2026-04-13T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76849
published_at	2026-04-16T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76854
published_at	2026-04-18T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76752
published_at	2026-04-02T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76781
published_at	2026-04-04T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76762
published_at	2026-04-07T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76793
published_at	2026-04-08T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76804
published_at	2026-04-09T12:55:00Z

value	0.00984
scoring_system	epss
scoring_elements	0.76833
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7834

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1358009
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1358009

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7834

reference_id

CVE-2017-7834

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7834

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7834

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkrs-1aat-efhf

url VCID-ka31-epgw-2kcq

vulnerability_id VCID-ka31-epgw-2kcq

summary Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7838

reference_id

reference_type

scores

value	0.01072
scoring_system	epss
scoring_elements	0.77778
published_at	2026-04-21T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.7769
published_at	2026-04-01T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.7775
published_at	2026-04-12T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77749
published_at	2026-04-13T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77786
published_at	2026-04-16T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77785
published_at	2026-04-18T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77697
published_at	2026-04-02T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77724
published_at	2026-04-04T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77707
published_at	2026-04-07T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77735
published_at	2026-04-08T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.7774
published_at	2026-04-09T12:55:00Z

value	0.01072
scoring_system	epss
scoring_elements	0.77766
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7838

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1399540
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1399540

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7838

reference_id

CVE-2017-7838

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7838

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7838

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ka31-epgw-2kcq

url VCID-kg3p-hut6-47f6

vulnerability_id VCID-kg3p-hut6-47f6

summary A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated _exposedProps_ mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7831

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56073
published_at	2026-04-21T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55929
published_at	2026-04-01T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56082
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56065
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.561
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56102
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5604
published_at	2026-04-02T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56061
published_at	2026-04-04T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56039
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5609
published_at	2026-04-08T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56094
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56105
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7831

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1392026
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1392026

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7831

reference_id

CVE-2017-7831

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7831

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7831

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg3p-hut6-47f6

url VCID-qc2y-5tzg-ruav

vulnerability_id VCID-qc2y-5tzg-ruav

summary JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7840

reference_id

reference_type

scores

value	0.00633
scoring_system	epss
scoring_elements	0.70375
published_at	2026-04-21T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.7028
published_at	2026-04-01T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70356
published_at	2026-04-12T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70342
published_at	2026-04-13T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70385
published_at	2026-04-16T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70395
published_at	2026-04-18T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70293
published_at	2026-04-02T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.7031
published_at	2026-04-04T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70288
published_at	2026-04-07T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70333
published_at	2026-04-08T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70348
published_at	2026-04-09T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70371
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7840

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1366420
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1366420

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7840

reference_id

CVE-2017-7840

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7840

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7840

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qc2y-5tzg-ruav

url VCID-wwjw-cqjk-8qe2

vulnerability_id VCID-wwjw-cqjk-8qe2

summary

Multiple vulnerabilities have been found in Mozilla Thunderbird,
    the worst of which could lead to the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7828.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7828.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7828

reference_id

reference_type

scores

value	0.28905
scoring_system	epss
scoring_elements	0.96577
published_at	2026-04-21T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96574
published_at	2026-04-18T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.9653
published_at	2026-04-01T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96568
published_at	2026-04-16T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96562
published_at	2026-04-13T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96559
published_at	2026-04-12T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96556
published_at	2026-04-09T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96544
published_at	2026-04-04T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96546
published_at	2026-04-07T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96554
published_at	2026-04-08T12:55:00Z

value	0.28905
scoring_system	epss
scoring_elements	0.96538
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7828

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1406750
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1406750

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1412252
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1412252

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html

reference_url	https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html

reference_url	https://www.debian.org/security/2017/dsa-4035
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4035

reference_url	https://www.debian.org/security/2017/dsa-4061
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4061

reference_url	https://www.debian.org/security/2017/dsa-4075
reference_id
reference_type
scores
url	https://www.debian.org/security/2017/dsa-4075

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-25/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-25/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-26/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-26/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1513310
reference_id	1513310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1513310

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url	https://security.archlinux.org/ASA-201711-43
reference_id	ASA-201711-43
reference_type
scores
url	https://security.archlinux.org/ASA-201711-43

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url

https://security.archlinux.org/AVG-530

reference_id

AVG-530

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-530

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7828

reference_id

CVE-2017-7828

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7828

reference_url	https://security.gentoo.org/glsa/201803-14
reference_id	GLSA-201803-14
reference_type
scores
url	https://security.gentoo.org/glsa/201803-14

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25

reference_id

mfsa2017-25

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-26

reference_id

mfsa2017-26

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-26

reference_url	https://access.redhat.com/errata/RHSA-2017:3247
reference_id	RHSA-2017:3247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3247

reference_url	https://access.redhat.com/errata/RHSA-2017:3372
reference_id	RHSA-2017:3372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3372

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

reference_url	https://usn.ubuntu.com/3490-1/
reference_id	USN-3490-1
reference_type
scores
url	https://usn.ubuntu.com/3490-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7828

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwjw-cqjk-8qe2

url VCID-xn3a-bun2-vkhy

vulnerability_id VCID-xn3a-bun2-vkhy

summary If a document’s Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for <link> elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7842

reference_id

reference_type

scores

value	0.00362
scoring_system	epss
scoring_elements	0.58329
published_at	2026-04-21T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58202
published_at	2026-04-01T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58359
published_at	2026-04-11T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58316
published_at	2026-04-13T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58349
published_at	2026-04-16T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58352
published_at	2026-04-18T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58288
published_at	2026-04-02T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58308
published_at	2026-04-04T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58282
published_at	2026-04-07T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58336
published_at	2026-04-12T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58342
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7842

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1397064
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1397064

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7842

reference_id

CVE-2017-7842

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7842

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_url	https://usn.ubuntu.com/3477-1/
reference_id	USN-3477-1
reference_type
scores
url	https://usn.ubuntu.com/3477-1/

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7842

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xn3a-bun2-vkhy

url VCID-y92g-afff-2ua7

vulnerability_id VCID-y92g-afff-2ua7

summary The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. *Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected.*

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7836

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.24987
published_at	2026-04-21T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25088
published_at	2026-04-01T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25068
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25014
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25023
published_at	2026-04-16T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25015
published_at	2026-04-18T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25169
published_at	2026-04-02T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.2521
published_at	2026-04-04T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24981
published_at	2026-04-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25049
published_at	2026-04-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25094
published_at	2026-04-09T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25109
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7836

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1401339
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1401339

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-24/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-24/

reference_url	http://www.securityfocus.com/bid/101832
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101832

reference_url	http://www.securitytracker.com/id/1039803
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039803

reference_url	https://security.archlinux.org/ASA-201711-23
reference_id	ASA-201711-23
reference_type
scores
url	https://security.archlinux.org/ASA-201711-23

reference_url

https://security.archlinux.org/AVG-494

reference_id

AVG-494

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-494

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel::::::::
reference_id	cpe:2.3:o:linux:linux_kernel::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7836

reference_id

CVE-2017-7836

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7836

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

reference_id

mfsa2017-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24

fixed_packages

url	pkg:deb/debian/firefox@57.0-1?distro=sid
purl	pkg:deb/debian/firefox@57.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

aliases CVE-2017-7836

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y92g-afff-2ua7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@57.0-1%3Fdistro=sid

Package Instance